🚀 Join our AI Wargame at Black Hat Asia and our Workshop + Wargame at NDC Sydney .

Information Disclosure

Information disclosure, or information leakage, occurs when an app unintentionally exposes sensitive information to its users. Depending on the context, app may inadvertently disclose various types of information to adversaries, such as:

  • Data concerning other users, like usernames or financial information
  • Sensitive commercial or business data
  • Technical details about the app and its infrastructure

Remediation

  • Disable any debugging endpoint (e.g. GraphQL Introspect)
  • Only return generic error messages

Metadata

  • Severity: low
  • Slug: information-disclosure

CWEs

  • 497: Exposure of Sensitive System Information to an Unauthorized Control Sphere

OWASP

  • A05:2021: Security Misconfiguration
  • A03:2017: Sensitive Data Exposure

Available Labs

Select a language to explore available labs for this vulnerability.

Try it yourself

Find, Hack and Fix Your First Vulnerability

Reading about security bugs is one thing — fixing one is how the skill sticks. Play a free challenge from the wargame, no setup required.