CWE-541
Inclusion of Sensitive Information in an Include File
Description
If an include file source is accessible, the file can contain usernames and passwords, as well as sensitive information pertaining to the application and system.
Consequences
Confidentiality
—
Read Application Data
Mitigations
Phase: Architecture and Design
Do not store sensitive information in include files.
Phase: Architecture and Design, System Configuration
Protect include files from being exposed.