2 vulnerabilities classified as CWE-528 (Exposure of Core Dump File to an Unauthorized Control Sphere). AI Chinese analysis included.
CWE-528 represents a critical information exposure weakness where software inadvertently generates core dump files containing sensitive data, such as memory contents and stack traces, and stores them in locations accessible to unauthorized actors. Attackers typically exploit this vulnerability by locating these dump files, often in default or poorly secured directories, to extract credentials, session tokens, or proprietary algorithmic logic embedded within the process memory. This exposure can lead to severe confidentiality breaches, enabling further attacks like privilege escalation or reverse engineering. To mitigate this risk, developers must configure systems to restrict core dump generation, ensuring they are stored only in highly secured, access-controlled directories. Additionally, implementing automatic deletion policies and auditing file permissions are essential practices to prevent unauthorized access to these potentially sensitive artifacts.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-48928 | TeleMessage security vulnerability — service | 4.0 | Medium | 2025-05-28 |
| CVE-2024-10403 | SFTP/FTP password could be captured in plain text in Supportsave generated from SANnav — Fabric OS | 6.5 (AI) | Medium (AI) | 2024-11-21 |

Vulnerabilities classified as CWE-528 (Exposure of Core Dump File to an Unauthorized Control Sphere) represent 2 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.