Information leakage occurs when an application reveals sensitive data, such as technical details of the application, developer comments, environment, or user-specific data. This sensitive data may then be used by an attacker to exploit the target application, its hosting network, or its users.
Information leakage, in its most common form, is the result of one or more of the following conditions: a failure to scrub out HTML/script comments containing sensitive information; improper application or server configurations; or differences in page responses for valid vs. invalid data.
Sensitive information may be present within HTML comments, error messages, source code, or simply left in plain sight, and there are many ways a website can be coaxed into revealing this type of information. While information leakage doesn't necessarily represent a breach in security, it does give an attacker useful guidance for future exploitation.
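As an added example (not part of the original page), the following Python check audits a rendered page for the first condition listed above: HTML and script comments that were not scrubbed before release. The pattern list, the sample page, and the names `CommentAudit` and `leaky_comments` are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser

# Assumed patterns for "sensitive" comment content; tune them to your codebase.
SENSITIVE = re.compile(
    r"password|passwd|secret|api[_-]?key|token|todo|fixme|debug|jdbc:"
    r"|\b(?:\d{1,3}\.){3}\d{1,3}\b", re.IGNORECASE)
# Heuristic: /* ... */ and // ... comments; "(?<!:)" skips the // in URLs.
JS_COMMENT = re.compile(r"/\*.*?\*/|(?<!:)//[^\n]*", re.DOTALL)

# Constructed sample page, not taken from any real site.
SAMPLE_PAGE = """<html><body>
<!-- TODO: remove test login admin / password=EXAMPLE before release -->
<!-- main navigation -->
<script>
// staging DB at 10.0.3.17
var url = "https://example.com/app"; /* layout helper */
</script>
</body></html>"""

class CommentAudit(HTMLParser):
    """Collects HTML comments and comments inside <script> blocks."""
    def __init__(self):
        super().__init__()
        self.comments, self.script_text, self.in_script = [], [], False

    def handle_starttag(self, tag, attrs):
        self.in_script = tag == "script"

    def handle_endtag(self, tag):
        if tag == "script":  # scan the whole script body once it is complete
            body = "".join(self.script_text)
            self.comments += [m.group().strip() for m in JS_COMMENT.finditer(body)]
            self.script_text, self.in_script = [], False

    def handle_comment(self, data):
        self.comments.append(data.strip())

    def handle_data(self, data):
        if self.in_script:
            self.script_text.append(data)

def leaky_comments(html):
    """Return the comments in a rendered page that match a sensitive pattern."""
    audit = CommentAudit()
    audit.feed(html)
    audit.close()
    return [c for c in audit.comments if SENSITIVE.search(c)]
```

Run it against rendered responses rather than source templates, so that comments introduced by includes or server configuration are also caught.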