Back to CWE list
CWE-541
Inclusion of Sensitive Information in an Include File
Variant
Incomplete
Description
If an include file source is accessible, the file can contain usernames and passwords, as well as sensitive information pertaining to the application and system.
Parent Weaknesses (ChildOf)
Common Consequences
Scope
Confidentiality
Impact
Read Application Data
Potential Mitigations
Architecture and Design
Do not store sensitive information in include files.
Architecture and Design
System Configuration
Protect include files from being exposed.
Applicable Platforms
Not Language-Specific
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now