Read Time:25 Second

Description

The application stores sensitive information in cleartext in memory.

Modes of Introduction:

– Architecture and Design

 

 

Related Weaknesses

CWE-312

 

Consequences

Confidentiality: Read Memory

 

Potential Mitigations

CVE References

  • CVE-2001-1517
    • Sensitive authentication information in cleartext in memory.
  • BID:10155
    • Sensitive authentication information in cleartext in memory.
  • CVE-2001-0984
    • Password protector leaves passwords in memory when window is minimized, even when “clear password when minimized” is set.
  • CVE-2003-0291
    • SSH client does not clear credentials from memory.