SYM_PY_0091 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki

Exposure of Sensitive Information to an Unauthorized Actor

| Property | Value |
|---|---|
| Language | python |
| Severity | high |
| CWE | CWE-200: Exposure of Sensitive Information to an Unauthorized Actor |
| OWASP | A01:2021 - Broken Access Control |
| Confidence Level | High |
| Impact Level | Medium |
| Likelihood Level | High |

Description

Binding a server socket to '0.0.0.0', '::', or an empty string listens on all network interfaces, making the service accessible from any network. This can unintentionally expose your application to the public internet or untrusted networks.
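The flagged pattern next to a guarded alternative, as an added example that is not part of the rule's own code. The helper names `is_wildcard_bind` and `open_listener` are hypothetical, and the check goes slightly beyond the three literals above by also catching other spellings of the unspecified address, such as `0:0:0:0:0:0:0:0`.

```python
import ipaddress
import socket

# Flagged pattern: listens on every interface the host has.
#   srv.bind(("0.0.0.0", 8080))   # same for "::" and ""


def is_wildcard_bind(host):
    """Return True when binding to `host` would listen on all interfaces."""
    if host == "":
        return True
    try:
        # is_unspecified covers 0.0.0.0, :: and their longer spellings.
        return ipaddress.ip_address(host).is_unspecified
    except ValueError:
        return False  # a hostname, not an address literal


def open_listener(host="127.0.0.1", port=0, allow_all_interfaces=False):
    """Open a TCP listener on one explicit interface (loopback by default).

    A wildcard address is refused unless the caller opts in, so exposure on
    every interface is a visible decision rather than a default.
    """
    if is_wildcard_bind(host) and not allow_all_interfaces:
        raise ValueError(f"refusing to bind to all interfaces: {host!r}")
    family = socket.AF_INET6 if ":" in host else socket.AF_INET
    srv = socket.socket(family, socket.SOCK_STREAM)
    try:
        srv.bind((host, port))  # port 0 lets the OS pick a free port
        srv.listen()
    except OSError:
        srv.close()
        raise
    return srv


if __name__ == "__main__":
    listener = open_listener()  # loopback only
    print("listening on", listener.getsockname())
    listener.close()
    try:
        open_listener("0.0.0.0", 8080)
    except ValueError as exc:
        print("rejected:", exc)
```
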

Impact

If exploited, unauthorized users could connect to your server, potentially accessing sensitive data or abusing application functions. This broad exposure increases the risk of data leaks, unauthorized access, and attacks against your system from external sources.