Cleartext Storage of Sensitive Information
Weakness ID: 312 (Weakness Base) | Status: Draft
Description Summary
The application stores sensitive information in cleartext within a resource that might be accessible to another control sphere, when the information should be encrypted or otherwise protected.
Extended Description
Because the information is stored in cleartext, attackers could potentially read it.
Nature | Type | ID | Name | View(s) this relationship pertains to |
---|---|---|---|---|
ChildOf | Weakness Base | 311 | Missing Encryption of Sensitive Data | Development Concepts (primary) 699; Research Concepts (primary) 1000 |
ParentOf | Weakness Variant | 313 | Plaintext Storage in a File or on Disk | Development Concepts (primary) 699; Research Concepts (primary) 1000 |
ParentOf | Weakness Variant | 314 | Plaintext Storage in the Registry | Development Concepts (primary) 699; Research Concepts (primary) 1000 |
ParentOf | Weakness Variant | 315 | Plaintext Storage in a Cookie | Development Concepts (primary) 699; Research Concepts (primary) 1000 |
ParentOf | Weakness Variant | 316 | Plaintext Storage in Memory | Development Concepts (primary) 699; Research Concepts (primary) 1000 |
ParentOf | Weakness Variant | 317 | Plaintext Storage in GUI | Development Concepts (primary) 699; Research Concepts (primary) 1000 |
ParentOf | Weakness Variant | 318 | Plaintext Storage in Executable | Development Concepts (primary) 699; Research Concepts (primary) 1000 |
Mapped Taxonomy Name | Node ID | Fit | Mapped Node Name |
---|---|---|---|
PLOVER | | | Plaintext Storage of Sensitive Information |
CAPEC-ID | Attack Pattern Name | (CAPEC Version: 1.4) |
---|---|---|
37 | Lifting Data Embedded in Client Distributions |
[REF-11] M. Howard and D. LeBlanc. "Writing Secure Code". Chapter 9, "Protecting Secret Data", Page 299. 2nd Edition. Microsoft. 2002.
Submissions
Submission Date | Submitter | Organization | Source |
---|---|---|---|
PLOVER | Externally Mined |
Modifications
Modification Date | Modifier | Organization | Source |
---|---|---|---|
2008-07-01 | Eric Dalci | Cigital | External |
updated Time of Introduction |
2008-09-08 | CWE Content Team | MITRE | Internal |
updated Relationships, Taxonomy Mappings |
2009-01-12 | CWE Content Team | MITRE | Internal |
updated Description, Name |
Previous Entry Names
Change Date | Previous Entry Name |
---|---|
2009-01-12 | Plaintext Storage of Sensitive Information |