flowleak
Flowleak is a term used in information security for the unintended disclosure of sensitive information along the data-flow paths of a software system. It occurs when data derived from a confidential source propagates to outputs, logs, or other components that are not authorized to receive it, even though no deliberate exfiltration takes place. The concept emphasizes that information travels through a program via variables, function calls, and integrated services, so it can escape through paths that conventional access controls, which guard the original source rather than the copies made from it, never examine.
Flowleaks commonly arise from imperfect taint tracking, misconfigured logging, verbose error reporting, or inadequate data redaction.
Examples include a web API returning a user identifier along with a non-sensitive field in a general
Detection and mitigation for flowleak rely on information-flow analysis tools that track taint from sensitive sources
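As an added illustration for this entry (not the output of any particular tool, and not code the entry cites), the following Python models the propagation described above with a minimal dynamic taint tracker: a value read from a confidential source carries its origin through concatenation, slicing and case changes, and an unauthorized sink reports which sources reached it. The names Tainted, sensitive, redact, audit_sink, handle_request and fstring_blind_spot are hypothetical, and the token value is a constructed sample. The last function shows the imperfect-tracking failure mode: an f-string rebuilds the message as a plain str, so the secret crosses to the log without being flagged.

```python
class Tainted(str):
    """A str that remembers which sensitive sources it was derived from.
    The taint survives the string operations a program typically uses to
    build messages, which is how a secret travels from a variable to a log."""

    def __new__(cls, value, sources=()):
        obj = super().__new__(cls, value)
        obj.sources = frozenset(sources)
        return obj

    def _derive(self, result, *others):
        # Union the taint of every tainted operand into the derived value.
        sources = set(self.sources)
        for other in others:
            if isinstance(other, Tainted):
                sources |= other.sources
        return Tainted(result, sources)

    def __add__(self, other):
        return self._derive(str.__add__(self, other), other)

    def __radd__(self, other):
        # "prefix" + tainted: Python tries the subclass's reflected method first.
        return self._derive(str.__add__(other, self), other)

    def __getitem__(self, key):
        # A slice of a secret is still a secret.
        return self._derive(str.__getitem__(self, key))

    def upper(self):
        return self._derive(str.upper(self))


def sensitive(value, source):
    """Mark a value read from a confidential source (hypothetical source API)."""
    return Tainted(value, {source})


def redact(value):
    """Declassify: replace the secret with a plain-str placeholder. Returning a
    plain str drops the taint on purpose, because no secret bytes remain."""
    return "<redacted " + str(len(value)) + " chars>"


def audit_sink(sink_name, value):
    """Model of an unauthorized sink (log line, error body, metrics label).
    Reports which sensitive sources reached it; a non-empty list is a flowleak."""
    leaked = sorted(value.sources) if isinstance(value, Tainted) else []
    return {"sink": sink_name, "written": str(value), "leaked": leaked}


def handle_request(api_token):
    """Two versions of the same error path: verbose error reporting that
    forwards the raw header to the log, and the redacted form."""
    token = sensitive(api_token, "api_token")
    auth_header = "Bearer " + token  # taint propagates through concatenation
    verbose = audit_sink("error_log", "auth failed, header=" + auth_header)
    redacted = audit_sink("error_log", "auth failed, header=" + redact(auth_header))
    return verbose, redacted


def fstring_blind_spot(api_token):
    """Imperfect tracking: an f-string rebuilds the message as a plain str,
    so the secret reaches the sink without being flagged. Closing this gap
    needs interpreter- or bytecode-level support, not a str subclass."""
    token = sensitive(api_token, "api_token")
    return audit_sink("error_log", f"auth failed, token={token}")


if __name__ == "__main__":
    sample = "sk_test_0123456789"  # constructed sample token, not a real credential
    verbose, redacted = handle_request(sample)
    print(verbose)    # leaked: ['api_token']
    print(redacted)   # leaked: []
    print(fstring_blind_spot(sample))  # leaked: [] even though the secret is written
```

The two handle_request results show the difference between a declassification point (redact, which returns a plain str because nothing secret remains) and a sink that simply loses track of the taint (the f-string case): both come back unflagged, but only the first is safe, which is why the entry lists imperfect taint tracking alongside verbose error reporting as a cause of flowleaks.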
See also: information flow security, taint analysis, data leakage, side-channel attack.