Information Leak Through Browser Caching
Weakness ID: 525 (Weakness Variant)Status: Incomplete
+ Description

Description Summary

For each web page, the application should have an appropriate caching policy specifying the extent to which the page and its form fields should be cached.
+ Time of Introduction
  • Implementation
+ Common Consequences
ScopeEffect
Confidentiality

Browsers often store information in a client-side cache, which can leave behind sensitive information for other users to find and exploit, such as passwords or credit card numbers. The locations at most risk include public terminals, such as those in libraries and Internet cafes.

+ Potential Mitigations

Protect information stored in cache.

Phases: Architecture and Design; Implementation

Use a restrictive caching policy for forms and web pages that potentially contain sensitive information.

Do not store unnecessarily sensitive information in the cache.

Consider using encryption in the cache.

+ Relationships
NatureTypeIDNameView(s) this relationship pertains toView(s)
ChildOfWeakness VariantWeakness Variant524Information Leak Through Caching
Development Concepts (primary)699
Research Concepts (primary)1000
ChildOfCategoryCategory723OWASP Top Ten 2004 Category A2 - Broken Access Control
Weaknesses in OWASP Top Ten (2004) (primary)711
ChildOfCategoryCategory724OWASP Top Ten 2004 Category A3 - Broken Authentication and Session Management
Weaknesses in OWASP Top Ten (2004)711
+ Taxonomy Mappings
Mapped Taxonomy NameNode IDFitMapped Node Name
Anonymous Tool Vendor (under NDA)
OWASP Top Ten 2004A2CWE More SpecificBroken Access Control
OWASP Top Ten 2004A3CWE More SpecificBroken Authentication and Session Management
+ Related Attack Patterns
CAPEC-IDAttack Pattern Name
(CAPEC Version: 1.4)
37Lifting Data Embedded in Client Distributions
+ Content History
Submissions
Submission DateSubmitterOrganizationSource
Anonymous Tool Vendor (under NDA)Externally Mined
Modifications
Modification DateModifierOrganizationSource
2008-07-01Eric DalciCigitalExternal
updated Potential Mitigations, Time of Introduction
2008-09-08CWE Content TeamMITREInternal
updated Relationships, Other Notes, Taxonomy Mappings
2009-10-29CWE Content TeamMITREInternal
updated Common Consequences, Other Notes, Potential Mitigations