A security analyst is using Burp Suite to test an API endpoint. The analyst notices that the API returns detailed error messages when invalid input is provided, revealing database schema information. Which OWASP Top 10 category does this issue primarily relate to?
Verbose error messages are a classic security misconfiguration that can leak sensitive information.
Why this answer
Detailed error messages revealing internal details are a form of security misconfiguration. The OWASP Top 10 category 'Security Misconfiguration' includes verbose error messages that leak information.