Learn about CWE-388, a vulnerability categorized under the Seven Pernicious Kingdoms. Errors in application error management can lead to security vulnerabilities through error mishandling, neglect, or excessive information disclosure.
This particular group falls under the phylum of vulnerabilities known as the Seven Pernicious Kingdoms. It comprises weaknesses that arise when an application fails to appropriately manage errors that occur during processing. According to the authors of the Seven Pernicious Kingdoms, errors and error handling are an API category in their own right, and errors related to error handling are so frequent that they warrant a separate kingdom. As with "API Abuse," there are two ways to introduce an error-related security vulnerability. The most common is mishandling errors or neglecting them altogether. The second is generating errors that either disclose excessive information to potential attackers or are difficult to handle.
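The two approaches described above, shown side by side with a hardened form, as an added Python example that is not part of the original page. `check_token`, the `login_*` functions and the key are hypothetical names and values constructed for illustration.

```python
import hashlib
import hmac
import logging
import uuid

log = logging.getLogger("auth")
KEY = b"constructed-demo-key"  # constructed sample key, not a real secret


def sign(user: str) -> str:
    """Expected token for a user (HMAC-SHA256 over the user name)."""
    return hmac.new(KEY, user.encode(), hashlib.sha256).hexdigest()


def check_token(user: str, token: str) -> bool:
    # compare_digest raises TypeError when token is None (missing header):
    # that exception is the error path the three callers below must handle.
    return hmac.compare_digest(sign(user), token)


def login_swallowed(user, token):
    """Weak, first approach: the error is neglected and the code fails open."""
    ok = True
    try:
        ok = check_token(user, token)
    except Exception:
        pass  # error ignored, so ok keeps its permissive default
    return {"ok": ok}


def login_verbose(user, token):
    """Weak, second approach: the error discloses internal detail."""
    try:
        return {"ok": check_token(user, token)}
    except Exception as exc:
        return {"ok": False, "error": repr(exc), "expected": sign(user)}


def login_hardened(user, token):
    """Fails closed; detail stays in the server log, the caller gets a reference."""
    try:
        return {"ok": check_token(user, token)}
    except Exception:
        ref = uuid.uuid4().hex  # correlation id to find the log entry later
        log.exception("token check failed ref=%s", ref)
        return {"ok": False, "error": "authentication failed", "ref": ref}
```

Calling each function with `token=None` exercises the error path: the first grants access, the second returns the expected token to the caller, and the third denies access with a generic message.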