CWE-1295: Debug Messages Revealing Unnecessary Information
CWE version: 4.18
Updated: 2025-09-09
Weakness description
The product fails to adequately prevent the revealing of unnecessary and potentially sensitive system information within debugging messages.
Common consequences
Scope: Confidentiality, Integrity, Availability, Access Control, Accountability, Authentication, Authorization, Non-Repudiation
Technical impact: Read Memory, Bypass Protection Mechanism, Gain Privileges or Assume Identity, Varies by Context
Potential mitigations
Phase: Implementation
Description: Ensure that a debug message does not reveal any unnecessary information during the debug process for the intended response.
Observed examples
Reference: CVE-2021-25476
Digital Rights Management (DRM) capability for mobile platform leaks pointer information, simplifying ASLR bypass
Reference: CVE-2020-24491
Processor generates debug message that contains sensitive information ("addresses of memory transactions").
Reference: CVE-2017-18326
Modem debug messages include cryptographic keys.
Modes of introduction
| Phase | Note |
|---|---|
| Implementation | - |