Plaintext Storage in Executable |
Weakness ID: 318 (Weakness Variant) | Status: Draft |
Description Summary
Reference | Description |
---|---|
CVE-2005-1794 | Product stores RSA private key in a DLL and uses it to sign a certificate, allowing spoofing of servers and MITM attacks. |
Sensitive information should not be stored in an executable. Even if heavy fortifications are in place, sensitive data should be encrypted to prevent the risk of losing confidentiality. |
Nature | Type | ID | Name | View(s) this relationship pertains to |
---|---|---|---|---|
ChildOf | Weakness Base | 312 | Cleartext Storage of Sensitive Information | Development Concepts (primary)699 Research Concepts (primary)1000 |
Mapped Taxonomy Name | Node ID | Fit | Mapped Node Name |
---|---|---|---|
PLOVER | Plaintext Storage in Executable |
Security-Database help your corporation foresee and avoid any security risks that may impact your IT infrastructure and business applications.
28 June 2016