Inclusion of Sensitive Information in an Include File
CWE-541
Short description
If an include file source is accessible, the file can contain usernames and passwords, as well as sensitive information pertaining to the application and system.
Best practices to prevent this CWE
Phase: Architecture and Design
Do not store sensitive information in include files.
Phase: Architecture and Design; System Configuration