Information Disclosure
Information disclosure occurs when applications reveal confidential information such as personal data, tokens, credentials, internal errors, source code, API keys, configuration files, user records, or system details. This exposure may happen through misconfigured responses, verbose errors, insecure APIs, public files, weak access control, or accidental data leakage. In security testing, information disclosure is assessed based on sensitivity, accessibility, exploitability, and business impact.
Application Response Reviewed → Sensitive Data Exposed → Unauthorized User Accesses Information → Business Risk Identified → Data Exposure Fixed
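The "Application Response Reviewed" step of this flow can be partly automated. The following is an added example, not code from the original page: the rule set, header list, function names and sample response are all constructed for illustration and cover only some of the disclosure types listed above.

```python
import re

# Body patterns for disclosure categories named above (constructed heuristics).
RULES = {
    "verbose_error": re.compile(
        r"Traceback \(most recent call last\)"      # Python stack trace
        r"|\bat [\w.$]+\([\w$]+\.java:\d+\)"        # Java stack frame
        r"|SQLSTATE\[\w+\]"),                       # database driver error
    "credential": re.compile(
        r"(?i)\b(password|passwd|secret|api[_-]?key)\b\"?\s*[:=]\s*\"?"
        r"([^\s\"',;&]{6,})"),
    "token": re.compile(r"\beyJ[\w-]{8,}\.[\w-]{8,}\.[\w-]{8,}"),  # JWT-shaped
    "internal_path": re.compile(
        r"(?:/var/www|/home/\w+|[A-Z]:\\inetpub)[\w/\\.-]*"),
}
SECRET_CATEGORIES = {"credential", "token"}
VERSION_HEADERS = {"server", "x-powered-by", "x-aspnet-version"}

def redact(value, keep=4):
    """Keep a short prefix so the report does not itself leak the secret."""
    return value[:keep] + "*" * max(len(value) - keep, 0)

def review_response(headers, body):
    """Return (category, evidence) findings for one HTTP response."""
    findings = []
    for name, value in headers.items():
        # Version banners count as system details only when a version is shown.
        if name.lower() in VERSION_HEADERS and re.search(r"\d+\.\d+", value):
            findings.append(("system_detail", f"{name}: {value}"))
    for category, pattern in RULES.items():
        for m in pattern.finditer(body):
            if category in SECRET_CATEGORIES:
                evidence = redact(m.group(m.lastindex or 0))
            else:
                evidence = m.group(0)
            findings.append((category, evidence))
    return findings

# Constructed sample: an error page that leaks a trace, a path and a key.
SAMPLE_HEADERS = {"Server": "nginx/1.18.0", "Content-Type": "text/html"}
SAMPLE_BODY = (
    "Internal Server Error\n"
    "Traceback (most recent call last):\n"
    '  File "/var/www/app/settings.py", line 12, in load\n'
    'api_key = "CONSTRUCTED-EXAMPLE-KEY"\n'
)

if __name__ == "__main__":
    for category, evidence in review_response(SAMPLE_HEADERS, SAMPLE_BODY):
        print(f"{category:15} {evidence}")
```

Pattern matches are leads for manual review: each finding still has to be rated for sensitivity, accessibility, exploitability and business impact.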
