Exposure of Sensitive Information to an Unauthorized Actor
| Property | |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-200: Exposure of Sensitive Information to an Unauthorized Actor |
| OWASP | A01:2021 - Broken Access Control |
| Confidence Level | High |
| Impact Level | Medium |
| Likelihood Level | High |
Description
Binding a server socket to ‘0.0.0.0’, ‘::’, or an empty string makes it listen on all network interfaces, so the service is reachable from any network the host is connected to. This can unintentionally expose your application to the public internet or untrusted networks.
Impact
If exploited, unauthorized users could connect to your server, potentially accessing sensitive data or abusing application functions. This broad exposure increases the risk of data leaks, unauthorized access, and attacks against your system from external sources.
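The following is an added example, not part of the original rule page or any project's code. It shows the flagged bind pattern beside a loopback-by-default alternative in Python, where an empty host string means "all interfaces". The names `is_wildcard_bind`, `listen` and `allow_all_interfaces` are assumptions made for illustration, and the check goes slightly beyond the three literals in the description by also catching equivalent spellings of the unspecified address.

```python
import ipaddress
import socket

# Flagged pattern (listens on every interface):
#     srv.bind(("0.0.0.0", 8080))   # likewise ("::", 8080) and ("", 8080)


def is_wildcard_bind(host: str) -> bool:
    """Return True if binding to `host` would listen on all interfaces."""
    if host == "":  # Python's socket module treats '' as INADDR_ANY
        return True
    try:
        # Covers 0.0.0.0, :: and other spellings such as 0:0:0:0:0:0:0:0
        return ipaddress.ip_address(host).is_unspecified
    except ValueError:
        return False  # a hostname, not an IP literal; not classified here


def listen(host: str = "127.0.0.1", port: int = 0,
           allow_all_interfaces: bool = False) -> socket.socket:
    """Open a TCP listener, refusing wildcard addresses unless opted in."""
    # Validate before creating the socket so a refusal has no side effects.
    if is_wildcard_bind(host) and not allow_all_interfaces:
        raise ValueError(f"refusing wildcard bind address {host!r}")
    family = socket.AF_INET6 if ":" in host else socket.AF_INET
    srv = socket.socket(family, socket.SOCK_STREAM)
    try:
        srv.bind((host, port))
        srv.listen()
    except OSError:
        srv.close()
        raise
    return srv


if __name__ == "__main__":
    # Loopback listener: reachable only from the local host.
    with listen("127.0.0.1", 0) as srv:
        print("listening on", srv.getsockname())
    # Wildcard bind is rejected unless the caller opts in explicitly.
    try:
        listen("0.0.0.0", 0)
    except ValueError as exc:
        print("blocked:", exc)
```

When a service does have to accept remote connections, pass the specific interface address it should serve on rather than setting `allow_all_interfaces`.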