.. include:: ../../Includes.txt


.. _information-disclosure:

Information disclosure
^^^^^^^^^^^^^^^^^^^^^^

This means that the system makes (under certain circumstances)
information available to an outside person. Such information could be
sensitive user data (e.g. names, addresses, customer data, credit card
details, etc.) or details about the system (such as the file system
structure, installed software, configuration options, version numbers,
etc). An attacker could use this information to craft an attack
against the system.

There is a fine line between the protection against information
disclosure and so called "security by obscurity". Latter means, that
system administrators or developers try to protect their
infrastructure or software by hiding or obscuring it. An example would
be to not reveal that TYPO3 is used as the content management system
or a specific version of TYPO3 is used. Security experts say, that
"security by obscurity" is not security, simply because it does not
solve the root of a problem (e.g. a security vulnerability) but tries
to obscure the facts only.