CWE-1266 – Improper Scrubbing of Sensitive Data from Decommissioned Device

Read Time:20 Second

Description

The product does not properly provide a capability for the product administrator to remove sensitive data at the time the product is decommissioned. A scrubbing capability could be missing, insufficient, or incorrect.

Modes of Introduction:

– Architecture and Design

 

 

Related Weaknesses

CWE-404

 

Consequences

Confidentiality: Read Memory

 

Potential Mitigations

Phase: Architecture and Design

Description: 

Phase: Policy

Description: 

Phase: Implementation

Description: 

CVE References