Plaintext Storage in GUI |
Weakness ID: 317 (Weakness Variant) | Status: Draft |
Description Summary
Storing sensitive data in plaintext within the GUI makes the data more easily accessible than if encrypted. This significantly lowers the difficulty of exploitation by attackers.
Extended Description
An attacker can often obtain data from a GUI, even if hidden, by using an API to directly access GUI objects such as windows and menus.
Reference | Description |
---|---|
CVE-2002-1848 | Unencrypted passwords stored in GUI dialog may allow local users to access the passwords. |
Sensitive information should not be stored in plaintext in a GUI. Even if heavy fortifications are in place, sensitive data should be encrypted to prevent the risk of losing confidentiality. |
Nature | Type | ID | Name | View(s) this relationship pertains to |
---|---|---|---|---|
ChildOf | Weakness Base | 312 | Cleartext Storage of Sensitive Information | Development Concepts (primary)699 Research Concepts (primary)1000 |
Submissions | ||||
---|---|---|---|---|
Submission Date | Submitter | Organization | Source | |
PLOVER | Externally Mined | |||
Modifications | ||||
Modification Date | Modifier | Organization | Source | |
2008-07-01 | Eric Dalci | Cigital | External | |
updated Time of Introduction | ||||
2008-09-08 | CWE Content Team | MITRE | Internal | |
updated Applicable Platforms, Description, Relationships, Taxonomy Mappings |