Inclusion of Sensitive Information in Test Code

Incomplete Variant

Structure: Simple

Description

Accessible test applications can pose a variety of security risks. Since developers or administrators rarely consider that someone besides themselves would even know about the existence of these applications, it is common for them to contain sensitive information or functions.

Common Consequences 1

Scope: Confidentiality

Impact: Read Application Data

Potential Mitigations 1

Phase: DistributionInstallation

Remove test code before deploying the application into production.

Demonstrative Examples 1

Examples of common issues with test applications include administrative functions, listings of usernames, passwords or session identifiers and information about the system, server or application configuration.

Modes of Introduction

Testing

Related Weaknesses

ChildOf:

Inclusion of Sensitive Information in Source Code (CWE-540)

Taxonomy Mapping

Software Fault Patterns