Plaintext Storage in a File or on Disk
Weakness ID: 313 (Weakness Variant)Status: Draft
+ Description

Description Summary

Storing sensitive data in plaintext in a file, or on disk, makes the data more easily accessible than if encrypted. This significantly lowers the difficulty of exploitation by attackers.
+ Time of Introduction
  • Architecture and Design
+ Applicable Platforms



+ Observed Examples
CVE-2001-1481Plaintext credentials in world-readable file.
CVE-2005-1828Password in cleartext in config file.
CVE-2005-2209Password in cleartext in config file.
CVE-2002-1696Decrypted copy of a message written to disk given a combination of options and when user replies to an encrypted message.
CVE-2004-2397Plaintext storage of private key and passphrase in log file when user imports the key.
+ Potential Mitigations

Secret information should not be stored in plaintext in a file or disk. Even if heavy fortifications are in place, sensitive data should be encrypted to prevent the risk of losing confidentiality.

+ Relationships
NatureTypeIDNameView(s) this relationship pertains toView(s)
ChildOfWeakness BaseWeakness Base312Cleartext Storage of Sensitive Information
Development Concepts (primary)699
Research Concepts (primary)1000
+ Taxonomy Mappings
Mapped Taxonomy NameNode IDFitMapped Node Name
PLOVERPlaintext Storage in File or on Disk
+ Content History
Submission DateSubmitterOrganizationSource
PLOVERExternally Mined
Modification DateModifierOrganizationSource
2008-07-01Eric DalciCigitalExternal
updated Time of Introduction
2008-09-08CWE Content TeamMITREInternal
updated Relationships, Taxonomy Mappings
Previous Entry Names
Change DatePrevious Entry Name
2008-04-11Plaintext Storage in File or on Disk