CWE-319 - Cleartext Transmission of Sensitive Information

Read Time:1 Minute, 49 Second

Description

The software transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

Many communication channels can be “sniffed” by attackers during data transmission. For example, network traffic can often be sniffed by any attacker who has access to a network interface. This significantly lowers the difficulty of exploitation by attackers.

Modes of Introduction:

– Architecture and Design

Likelihood of Exploit: High

Related Weaknesses

CWE-311
CWE-311

Consequences

Integrity, Confidentiality: Read Application Data, Modify Files or Directories

Anyone can read the information by gaining access to the channel being used for communication.

Potential Mitigations

Phase: Architecture and Design

Description:

Encrypt the data with a reliable encryption scheme before transmitting.

Phase: Implementation

Description:

When using web applications with SSL, use SSL for the entire session from login to logout, not just for the initial login page.

Phase: Testing

Description:

Use tools and techniques that require manual (human) analysis, such as penetration testing, threat modeling, and interactive tools that allow the tester to record and modify an active session. These may be more effective than strictly automated techniques. This is especially the case with weaknesses that are related to design and business rules.

Phase: Operation

Description:

Configure servers to use encrypted channels for communication, which may include SSL or other secure protocols.

CVE References

CVE-2002-1949
- Passwords transmitted in cleartext.

CVE-2008-4122
- Chain: Use of HTTPS cookie without “secure” flag causes it to be transmitted across unencrypted HTTP.

CVE-2008-3289
- Product sends password hash in cleartext in violation of intended policy.

CVE-2008-4390
- Remote management feature sends sensitive information including passwords in cleartext.

CVE-2007-5626
- Backup routine sends password in cleartext in email.

CVE-2004-1852
- Product transmits Blowfish encryption key in cleartext.

CVE-2008-0374
- Printer sends configuration information, including administrative password, in cleartext.

CVE-2007-4961
- Chain: cleartext transmission of the MD5 hash of password enables attacks against a server that is susceptible to replay (CWE-294).

CVE-2007-4786
- Product sends passwords in cleartext to a log server.

CVE-2005-3140
- Product sends file with cleartext passwords in e-mail message intended for diagnostic purposes.

InCleartext Transmission of Sensitive Information, CVE-2002-1949, CWE- 319

This Windows PowerShell Phish Has Scary Potential

Infostealers Cause Surge in Ransomware Attacks, Just One in Three Recover Data

FBI Shuts Down Chinese Botnet

Western Agencies Warn Risk from Chinese-Controlled Botnet

8000 Claimants Sue Outsourcing Giant Capita Over 2023 Data Breach

FCC $200m Cyber Grant Pilot Opens Applications for Schools and Libraries

Cryptojacking Gang TeamTNT Makes a Comeback

Insecure APIs and Bot Attacks Cost Global Firms $186bn

Smashing Security podcast #385: TFL security derailed, and is Trump the king of crypto?

CWE-319 – Cleartext Transmission of Sensitive Information

Description

Related Weaknesses

Consequences

Potential Mitigations

CVE References

The Most Dangerous Vulnerabilities in Apache Tomcat and How to Protect Against Them

ZDI-CAN-18333: A Critical Zero-Day Vulnerability in Microsoft Windows

CWE-669 – Incorrect Resource Transfer Between Spheres

CWE-67 – Improper Handling of Windows Device Names

CWE-670 – Always-Incorrect Control Flow Implementation

CWE-671 – Lack of Administrator Control over Security