# Exposure of Sensitive Information to an Unauthorized Actor (CWE-200)

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

- Prevalence: High Frequently exploited
- Impact: Critical 4 critical-severity rules
- Prevention: Documented 14 fix examples

**OWASP:** Broken Access Control (A01:2021-Broken Access Control) - #1

## Description

There are many different kinds of mistakes that introduce information exposures. The severity of the error can range widely, depending on the context in which the product operates, the type of sensitive information that is revealed, and the benefits it may provide to an attacker.

## Prevention

Prevention strategies for Information Exposure based on 14 Shoulder detection rules.

### Go

Use environment variables for configuration only; never log or return their values

Store API keys in environment variables, never log them, and protect model endpoints with authentication

Mask PII and redact credentials before sending data to LLM APIs, and use structured logging

### Node.js

Use secrets internally without exposing them in logs, responses, or client-side code

Load API keys from environment variables and proxy LLM calls through your server

Mask or redact PII and credentials before sending data to LLM APIs

### Python

Return generic error messages to users; log detailed errors server-side only

Use Presidio or similar libraries to anonymize PII before sending data to LLM APIs

Use explicit field selection or serializer schemas to exclude sensitive fields from responses

## Warning Signs

- [HIGH] Model theft vulnerability: ...
- [HIGH] vulnerabilities leading to model theft or API key exposure such as hardcoded keys or insecure model 
- [HIGH] Potential sensitive information disclosure: ...
- [HIGH] sensitive information disclosure in AI/LLM implementations such as credentials or PII in prompts
- [HIGH] when environment variables (which may contain secrets like API keys,
passwords, tokens) are leaked t
- [HIGH] vulnerabilities that could lead to model theft or API key exposure
- [HIGH] potential sensitive information disclosure in AI/LLM implementations
- [MEDIUM] information disclosure vulnerabilities: debug mode enabled, exposing
stack traces, returning detaile

## Consequences

- Read Application Data
- Read Files or Directories

## Mitigations

- Compartmentalize the system to have safe areas where trust boundaries can be unambiguously drawn
- Ensure error messages only contain minimal details useful for the intended audience

## Detection

- Total rules: 14
- Critical: 4
- Languages: go, javascript, typescript, python

## Rules by Language

### Javascript (5 rules)

- **Environment Variable Secret Exposure** [HIGH]: Detects when environment variables (which may contain secrets like API keys,
passwords, tokens) are leaked through logging, HTTP responses, or external requests.

Environment variables commonly store sensitive data:
- API keys (AWS_ACCESS_KEY_ID, STRIPE_SECRET_KEY)
- Database passwords (DB_PASSWORD, DATABASE_URL)
- JWT secrets (JWT_SECRET)
- OAuth tokens (GITHUB_TOKEN, SLACK_TOKEN)

Leaking these values exposes credentials and allows unauthorized access.

This rule uses taint flow analysis to detect when process.env flows to:
- Logging functions (console.log, winston, etc.)
- HTTP responses (res.send, res.json)
- External HTTP requests
- Client-side code (sent to browser)
  - Remediation: Use secrets internally without exposing them in logs or responses:

```javascript
const apiKey = process.env.API_KEY;
console.log('API key configured:', !!apiKey);

const jwtSecret = process.env.JWT_SECRET;
const token = jwt.sign({ userId: user.id }, jwtSecret);
res.json({ token });
```

Learn more: https://shoulder.dev/learn/javascript/cwe-200/env-vars-secret-exposure
- **LLM Model Theft** [HIGH]: Detects vulnerabilities that could lead to model theft or API key exposure.
OWASP LLM10 - Model Theft.

Model theft can occur through:
- API key exposure in client-side code or logs
- Model weights exposed via insecure endpoints
- Model extraction attacks via unrestricted API access
- Insecure model serialization and storage
- Missing access controls on model endpoints

This rule detects:
- Hardcoded API keys in source code
- API keys in client-side JavaScript
- Model files served without authentication
- Missing rate limiting on inference endpoints
- Model parameters logged or exposed
  - Remediation: Load API keys from environment variables and proxy LLM calls through your server.

```javascript
const openai = new OpenAI({
  apiKey: process.env.OPENAI_API_KEY
});
```

Learn more: https://shoulder.dev/learn/javascript/cwe-200/llm-model-theft
- **LLM Sensitive Information Disclosure** [HIGH]: Detects potential sensitive information disclosure in AI/LLM implementations.
OWASP LLM06 - Sensitive Information Disclosure.

Sensitive information can be leaked through:
- PII (Personal Identifiable Information) in prompts
- Credentials or secrets in prompts or system messages
- Sensitive business data sent to third-party LLM APIs
- Logging LLM conversations containing sensitive data
- LLM responses exposed without filtering

This rule detects:
- Sensitive data patterns in LLM prompts
- Credentials passed to AI APIs
- Logging of LLM conversations
- Database queries in prompts
- PII patterns in messages
  - Remediation: Mask or redact PII and credentials before sending data to LLM APIs.

```javascript
const masked = maskPII(userInput);
const response = await openai.chat.completions.create({
  messages: [{ role: 'user', content: masked }]
});
```

Learn more: https://shoulder.dev/learn/javascript/cwe-200/llm-sensitive-info-disclosure
- **Sensitive Field Exposure in API Response** [CRITICAL]: Detects when sensitive data fields (passwords, tokens, secrets, API keys) are
exposed through API endpoint responses. This commonly happens when:

1. Mapping user data with sensitive fields: `.map(u => ({ password: u.password }))`
2. Returning entire user objects: `res.json(user)` where user has password field
3. Including sensitive fields in response objects: `res.json({ password: user.password })`

This is particularly dangerous when AI-generated code returns user collections
without filtering sensitive fields, as in debug endpoints or admin panels.

Security Impact:
- Password hash exposure enabling offline cracking attacks
- API key/token leakage allowing account takeover
- Session token exposure enabling session hijacking
- PII disclosure violating privacy regulations (GDPR, CCPA)
  - Remediation: Use explicit field selection to exclude sensitive data from responses:

```javascript
app.get('/api/user/:id', async (req, res) => {
  const user = await User.findById(req.params.id);
  const { password, refreshToken, ...safeUser } = user;
  res.json(safeUser);
});
```

Learn more: https://shoulder.dev/learn/javascript/cwe-200/sensitive-field-response-exposure
- **Prisma Sensitive Field Exposure** [CRITICAL]: Prisma returns all fields by default. Without 'select' or 'omit', password hashes
and API tokens can leak to clients.
  - Remediation: Use 'select' to whitelist safe fields in all queries.

```typescript
const users = await prisma.user.findMany({
  select: {
    id: true,
    email: true,
    name: true
    // passwordHash NOT included
  }
});
```

Learn more: https://shoulder.dev/learn/typescript/cwe-200/sensitive-field-exposure

### Typescript (5 rules)

- **Environment Variable Secret Exposure** [HIGH]: Detects when environment variables (which may contain secrets like API keys,
passwords, tokens) are leaked through logging, HTTP responses, or external requests.

Environment variables commonly store sensitive data:
- API keys (AWS_ACCESS_KEY_ID, STRIPE_SECRET_KEY)
- Database passwords (DB_PASSWORD, DATABASE_URL)
- JWT secrets (JWT_SECRET)
- OAuth tokens (GITHUB_TOKEN, SLACK_TOKEN)

Leaking these values exposes credentials and allows unauthorized access.

This rule uses taint flow analysis to detect when process.env flows to:
- Logging functions (console.log, winston, etc.)
- HTTP responses (res.send, res.json)
- External HTTP requests
- Client-side code (sent to browser)
  - Remediation: Use secrets internally without exposing them in logs or responses:

```javascript
const apiKey = process.env.API_KEY;
console.log('API key configured:', !!apiKey);

const jwtSecret = process.env.JWT_SECRET;
const token = jwt.sign({ userId: user.id }, jwtSecret);
res.json({ token });
```

Learn more: https://shoulder.dev/learn/javascript/cwe-200/env-vars-secret-exposure
- **LLM Model Theft** [HIGH]: Detects vulnerabilities that could lead to model theft or API key exposure.
OWASP LLM10 - Model Theft.

Model theft can occur through:
- API key exposure in client-side code or logs
- Model weights exposed via insecure endpoints
- Model extraction attacks via unrestricted API access
- Insecure model serialization and storage
- Missing access controls on model endpoints

This rule detects:
- Hardcoded API keys in source code
- API keys in client-side JavaScript
- Model files served without authentication
- Missing rate limiting on inference endpoints
- Model parameters logged or exposed
  - Remediation: Load API keys from environment variables and proxy LLM calls through your server.

```javascript
const openai = new OpenAI({
  apiKey: process.env.OPENAI_API_KEY
});
```

Learn more: https://shoulder.dev/learn/javascript/cwe-200/llm-model-theft
- **LLM Sensitive Information Disclosure** [HIGH]: Detects potential sensitive information disclosure in AI/LLM implementations.
OWASP LLM06 - Sensitive Information Disclosure.

Sensitive information can be leaked through:
- PII (Personal Identifiable Information) in prompts
- Credentials or secrets in prompts or system messages
- Sensitive business data sent to third-party LLM APIs
- Logging LLM conversations containing sensitive data
- LLM responses exposed without filtering

This rule detects:
- Sensitive data patterns in LLM prompts
- Credentials passed to AI APIs
- Logging of LLM conversations
- Database queries in prompts
- PII patterns in messages
  - Remediation: Mask or redact PII and credentials before sending data to LLM APIs.

```javascript
const masked = maskPII(userInput);
const response = await openai.chat.completions.create({
  messages: [{ role: 'user', content: masked }]
});
```

Learn more: https://shoulder.dev/learn/javascript/cwe-200/llm-sensitive-info-disclosure
- **Sensitive Field Exposure in API Response** [CRITICAL]: Detects when sensitive data fields (passwords, tokens, secrets, API keys) are
exposed through API endpoint responses. This commonly happens when:

1. Mapping user data with sensitive fields: `.map(u => ({ password: u.password }))`
2. Returning entire user objects: `res.json(user)` where user has password field
3. Including sensitive fields in response objects: `res.json({ password: user.password })`

This is particularly dangerous when AI-generated code returns user collections
without filtering sensitive fields, as in debug endpoints or admin panels.

Security Impact:
- Password hash exposure enabling offline cracking attacks
- API key/token leakage allowing account takeover
- Session token exposure enabling session hijacking
- PII disclosure violating privacy regulations (GDPR, CCPA)
  - Remediation: Use explicit field selection to exclude sensitive data from responses:

```javascript
app.get('/api/user/:id', async (req, res) => {
  const user = await User.findById(req.params.id);
  const { password, refreshToken, ...safeUser } = user;
  res.json(safeUser);
});
```

Learn more: https://shoulder.dev/learn/javascript/cwe-200/sensitive-field-response-exposure
- **Prisma Sensitive Field Exposure** [CRITICAL]: Prisma returns all fields by default. Without 'select' or 'omit', password hashes
and API tokens can leak to clients.
  - Remediation: Use 'select' to whitelist safe fields in all queries.

```typescript
const users = await prisma.user.findMany({
  select: {
    id: true,
    email: true,
    name: true
    // passwordHash NOT included
  }
});
```

Learn more: https://shoulder.dev/learn/typescript/cwe-200/sensitive-field-exposure

### Python (5 rules)

- **Information Disclosure** [MEDIUM]: Detects information disclosure vulnerabilities: debug mode enabled, exposing
stack traces, returning detailed error messages, or leaking sensitive data.
  - Remediation: Load debug mode from environment and return generic error messages.

```python
import os

DEBUG = os.environ.get('FLASK_ENV') == 'development'

@app.route('/api/data')
def handler():
    try:
        return risky_operation()
    except Exception as e:
        app.logger.error(f"Error: {e}")
        return jsonify({'error': 'Internal error'}), 500
```

Learn more: https://shoulder.dev/learn/python/cwe-200/information-disclosure
- **LLM Model Theft** [HIGH]: Detects vulnerabilities that could lead to model theft or API key exposure.
OWASP LLM10 - Model Theft.

Model theft can occur through:
- API key exposure in source code or logs
- Model weights exposed via insecure endpoints
- Model extraction attacks via unrestricted API access
- Insecure model serialization and storage
  - Remediation: Load API keys from environment variables instead of hardcoding.

```python
import os
from openai import OpenAI

client = OpenAI(api_key=os.environ.get('OPENAI_API_KEY'))

# Never log API keys
logger.info('API request', extra={'model': 'gpt-4', 'tokens': 100})
```

Learn more: https://shoulder.dev/learn/python/cwe-200/llm-model-theft
- **LLM Sensitive Information Disclosure** [HIGH]: Detects potential sensitive information disclosure in AI/LLM implementations.
OWASP LLM06 - Sensitive Information Disclosure.

Sensitive information can be leaked through:
- PII (Personal Identifiable Information) in prompts
- Credentials or secrets in prompts or system messages
- Sensitive business data sent to third-party LLM APIs
- Logging LLM conversations containing sensitive data
  - Remediation: Use Presidio to anonymize PII before sending to LLM APIs.

```python
from presidio_analyzer import AnalyzerEngine
from presidio_anonymizer import AnonymizerEngine

analyzer = AnalyzerEngine()
anonymizer = AnonymizerEngine()

def anonymize_text(text: str) -> str:
    results = analyzer.analyze(text=text, language='en')
    return anonymizer.anonymize(text=text, analyzer_results=results).text

safe_message = anonymize_text(user_message)
```

Learn more: https://shoulder.dev/learn/python/cwe-200/llm-sensitive-info-disclosure
- **Sensitive Field Exposure in API Response** [CRITICAL]: Detects when sensitive data fields (passwords, tokens, secrets) are
exposed through API endpoint responses. This commonly happens when:

1. Returning user dictionaries with sensitive fields
2. Serializing ORM objects without excluding sensitive fields
3. Including sensitive fields in JSON responses

Security Impact:
- Password hash exposure enabling offline cracking attacks
- API key/token leakage allowing account takeover
- Session token exposure enabling session hijacking
- PII disclosure violating privacy regulations (GDPR, CCPA)
  - Remediation: Use explicit field selection or Pydantic/Marshmallow schemas to exclude sensitive fields.

```python
from flask import jsonify

@app.route('/api/users')
def get_users():
    users = User.query.all()
    return jsonify([{
        'id': u.id,
        'email': u.email,
        'name': u.name
        # password excluded
    } for u in users])
```

Learn more: https://shoulder.dev/learn/python/cwe-200/sensitive-field-response-exposure
- **Server Information Disclosure** [LOW]: Detects server configuration that exposes version information, framework details,
or other implementation details through HTTP headers. This information helps
attackers identify known vulnerabilities in specific versions.
  - Remediation: Remove the Server header and disable debug mode in production.

```python
from flask import Flask
import os

app = Flask(__name__)

@app.after_request
def remove_server_header(response):
    response.headers.pop('Server', None)
    return response

# Django: DEBUG = os.getenv('DEBUG', 'False').lower() == 'true'
```

Learn more: https://shoulder.dev/learn/python/cwe-200/server-information

### Go (4 rules)

- **Environment Variable Secret Exposure** [HIGH]: Environment variables containing secrets flow to logs or HTTP responses.
  - Remediation: Use environment variables for configuration only, never log or return them.

```go
apiKey := os.Getenv("API_KEY")
if apiKey == "" {
    log.Fatal("API_KEY not configured")
}
// Use apiKey internally, never log or return it
```

Learn more: https://shoulder.dev/learn/go/cwe-200/env-vars-secret-exposure
- **LLM Model Theft** [HIGH]: Detects vulnerabilities leading to model theft or API key exposure such as hardcoded keys or insecure model endpoints.
  - Remediation: Use environment variables for API keys and authenticate model endpoints.

```go
client := openai.NewClient(os.Getenv("OPENAI_API_KEY"))
```

Learn more: https://shoulder.dev/learn/go/cwe-200/llm-model-theft
- **LLM Sensitive Information Disclosure** [HIGH]: Detects sensitive information disclosure in AI/LLM implementations such as credentials or PII in prompts.
  - Remediation: Mask or redact PII and credentials before sending to LLM APIs.

```go
safeMessage := maskPII(userInput)
safeMessage = redactCredentials(safeMessage)
```

Learn more: https://shoulder.dev/learn/go/cwe-200/llm-sensitive-info-disclosure
- **Sensitive Field Exposure in API Response** [CRITICAL]: Sensitive fields like password, token, or apiKey included in HTTP responses.
  - Remediation: Use response DTOs or json:"-" tag to exclude sensitive fields.

```go
type User struct {
    ID       string `json:"id"`
    Email    string `json:"email"`
    Password string `json:"-"` // Never serialized
}
```

Learn more: https://shoulder.dev/learn/go/cwe-200/sensitive-field-response-exposure