[ https://issues.apache.org/jira/browse/CB-12431?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Shazron Abdullah updated CB-12431:
----------------------------------
Component/s: Android
> Information Exposure Through an Error Message
> ----------------------------------------------
>
> Key: CB-12431
> URL: https://issues.apache.org/jira/browse/CB-12431
> Project: Apache Cordova
> Issue Type: Bug
> Components: Android
> Reporter: Sahil
>
> During a VERACODE static scan of the Cordova-based Android app, the
> following flaw was reported:
> Attack Vector: java.lang.Throwable.printStackTrace
> Description: The application calls the java.lang.Throwable.printStackTrace()
> function, which may expose information about the application logic or other
> details such as the names and versions of the application container and
> associated components. This information can be useful in executing other
> attacks and can also enable the attacker to target known vulnerabilities in
> application components. The first argument to printStackTrace() contains data
> from an error message (possibly containing user-specified or database data)
> from the variables (new PrintWriter(...)). The data from an error message
> (possibly containing user-specified or database data) originated from an
> earlier call to java.lang.exception.printstacktrace.
> Remediation: Ensure that error codes or other messages returned to end users
> are not overly verbose. Sanitize all messages of any sensitive information
> that is not absolutely necessary.
--
This message was sent by Atlassian JIRA (v6.3.15#6346)
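The weakness class described in the report (CWE-209, "Information Exposure Through an Error Message") is easiest to see beside its fix. The following is an added example, not code from cordova-android or from the reporter: a hypothetical Cordova plugin (`FileReaderPlugin`, its `readFile` action and helper names are illustrative) that first renders a stack trace into the error payload sent back to the JavaScript layer, then the hardened variant that keeps the detail on-device and returns only a fixed message with a correlation id. `CordovaPlugin`, `CallbackContext` and `execute(String, JSONArray, CallbackContext)` are the real cordova-android plugin API; everything else is constructed for the example.

```java
// Added example (not Cordova's own code). Shows the pattern the scanner flags
// and a hardened replacement inside a hypothetical cordova-android plugin.
import android.util.Log;

import org.apache.cordova.CallbackContext;
import org.apache.cordova.CordovaPlugin;
import org.json.JSONArray;
import org.json.JSONException;

import java.io.ByteArrayOutputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.PrintWriter;
import java.io.StringWriter;
import java.nio.charset.StandardCharsets;
import java.util.UUID;

public class FileReaderPlugin extends CordovaPlugin {
    private static final String TAG = "FileReaderPlugin";

    // Real cordova-android entry point: JavaScript calls
    // cordova.exec(success, error, "FileReaderPlugin", action, args).
    @Override
    public boolean execute(String action, JSONArray args, CallbackContext cb) throws JSONException {
        if ("readFileLeaky".equals(action)) {
            readFileLeaky(args.getString(0), cb);
            return true;
        }
        if ("readFile".equals(action)) {
            readFileSafe(args.getString(0), cb);
            return true;
        }
        return false; // unknown action: Cordova reports INVALID_ACTION to JS
    }

    // BEFORE (the flagged pattern): printStackTrace() into a PrintWriter whose
    // contents are handed to the caller. Class names, source file names, line
    // numbers, absolute paths from the exception message and framework versions
    // all leave the native layer and end up wherever the JS error handler puts
    // them (alerts, analytics, remote logging).
    private void readFileLeaky(String path, CallbackContext cb) {
        try {
            cb.success(readAll(path));
        } catch (IOException e) {
            StringWriter sw = new StringWriter();
            e.printStackTrace(new PrintWriter(sw)); // CWE-209 sink
            cb.error(sw.toString());
        }
    }

    // AFTER: the exception stays in the app's own log (logcat, readable only by
    // the app itself on current Android releases), and the caller receives a
    // fixed, non-verbose message plus an opaque correlation id that lets a
    // developer find the matching log line without exposing what it says.
    private void readFileSafe(String path, CallbackContext cb) {
        try {
            cb.success(readAll(path));
        } catch (IOException e) {
            String ref = UUID.randomUUID().toString();
            Log.e(TAG, "readFile failed, ref=" + ref, e); // detail stays on-device
            cb.error(sanitizedError("Unable to read file", ref));
        }
    }

    // Builds the only error text that crosses the bridge. Nothing from the
    // exception (message, cause, path) is interpolated into it.
    static String sanitizedError(String summary, String ref) {
        return summary + " (ref " + ref + ")";
    }

    // Illustrative helper: read a file fully as UTF-8. A real plugin would also
    // validate that `path` stays inside an allowed directory before opening it.
    private static String readAll(String path) throws IOException {
        try (InputStream in = new FileInputStream(path);
             ByteArrayOutputStream out = new ByteArrayOutputStream()) {
            byte[] buf = new byte[8192];
            int n;
            while ((n = in.read(buf)) != -1) {
                out.write(buf, 0, n);
            }
            return new String(out.toByteArray(), StandardCharsets.UTF_8);
        }
    }
}
```

When triaging a finding like this, the question to answer is where the `PrintWriter` output goes: a trace written to `Log` or to a debug-only channel is a much lower-severity finding than one that reaches `CallbackContext.error`, an HTTP response, or a `WebView` page, and the remediation in the report (return a non-verbose message, keep the detail out of anything user-facing) is the second case. If a release build must not emit traces even to logcat, wrap the `Log.e` call in a `BuildConfig.DEBUG` check.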