Plaintext Storage in a File or on Disk |
Weakness ID: 313 (Weakness Variant) | Status: Draft |
Description Summary
Storing sensitive data in plaintext in a file, or on disk, makes the data more easily accessible than if encrypted. This significantly lowers the difficulty of exploitation by attackers.
Reference | Description |
---|---|
CVE-2001-1481 | Plaintext credentials in world-readable file. |
CVE-2005-1828 | Password in cleartext in config file. |
CVE-2005-2209 | Password in cleartext in config file. |
CVE-2002-1696 | Decrypted copy of a message written to disk given a combination of options and when user replies to an encrypted message. |
CVE-2004-2397 | Plaintext storage of private key and passphrase in log file when user imports the key. |
Secret information should not be stored in plaintext in a file or disk. Even if heavy fortifications are in place, sensitive data should be encrypted to prevent the risk of losing confidentiality. |
Nature | Type | ID | Name | View(s) this relationship pertains to |
---|---|---|---|---|
ChildOf | Weakness Base | 312 | Cleartext Storage of Sensitive Information | Development Concepts (primary)699 Research Concepts (primary)1000 |
Mapped Taxonomy Name | Node ID | Fit | Mapped Node Name |
---|---|---|---|
PLOVER | Plaintext Storage in File or on Disk |
Submissions | ||||
---|---|---|---|---|
Submission Date | Submitter | Organization | Source | |
PLOVER | Externally Mined | |||
Modifications | ||||
Modification Date | Modifier | Organization | Source | |
2008-07-01 | Eric Dalci | Cigital | External | |
updated Time of Introduction | ||||
2008-09-08 | CWE Content Team | MITRE | Internal | |
updated Relationships, Taxonomy Mappings | ||||
Previous Entry Names | ||||
Change Date | Previous Entry Name | |||
2008-04-11 | Plaintext Storage in File or on Disk | |||