CWE-317 – Cleartext Storage of Sensitive Information in GUI

Read Time:32 Second

Description

The application stores sensitive information in cleartext within the GUI.

An attacker can often obtain data from a GUI, even if hidden, by using an API to directly access GUI objects such as windows and menus. Even if the information is encoded in a way that is not human-readable, certain techniques could determine which encoding is being used, then decode the information.

Modes of Introduction:

– Architecture and Design

 

 

Related Weaknesses

CWE-312

 

Consequences

Confidentiality: Read Memory, Read Application Data

 

Potential Mitigations

CVE References

  • CVE-2002-1848
    • Unencrypted passwords stored in GUI dialog may allow local users to access the passwords.