Plaintext Storage in the Registry
Weakness ID: 314 (Weakness Variant)Status: Draft
+ Description

Description Summary

Storing sensitive data in plaintext in the registry makes the data more easily accessible than if encrypted. This significantly lowers the difficulty of exploitation by attackers.
+ Time of Introduction
  • Architecture and Design
+ Applicable Platforms

Languages

All

+ Observed Examples
ReferenceDescription
CVE-2005-2227Plaintext passwords in registry key.
+ Potential Mitigations

Sensitive information should not be stored in plaintext in a registry. Even if heavy fortifications are in place, sensitive data should be encrypted to prevent the risk of losing confidentiality.

+ Relationships
NatureTypeIDNameView(s) this relationship pertains toView(s)
ChildOfWeakness BaseWeakness Base312Cleartext Storage of Sensitive Information
Development Concepts (primary)699
Research Concepts (primary)1000
+ Taxonomy Mappings
Mapped Taxonomy NameNode IDFitMapped Node Name
PLOVERPlaintext Storage in Registry
+ Related Attack Patterns
CAPEC-IDAttack Pattern Name
(CAPEC Version: 1.4)
37Lifting Data Embedded in Client Distributions
+ Content History
Submissions
Submission DateSubmitterOrganizationSource
PLOVERExternally Mined
Modifications
Modification DateModifierOrganizationSource
2008-07-01Eric DalciCigitalExternal
updated Time of Introduction
2008-09-08CWE Content TeamMITREInternal
updated Relationships, Taxonomy Mappings
Previous Entry Names
Change DatePrevious Entry Name
2008-04-11Plaintext Storage in Registry
Back to top