Description
The application stores sensitive information in cleartext in a file, or on disk.
The sensitive information could be read by attackers with access to the file, or with physical or administrator access to the raw disk. Even if the information is encoded in a way that is not human-readable, certain techniques could determine which encoding is being used, then decode the information.
Modes of Introduction
- Architecture and Design
Related Weaknesses
Consequences
Confidentiality: Read Application Data
Potential Mitigations
CVE References
- CVE-2001-1481: Cleartext credentials in world-readable file.
- CVE-2005-1828: Password in cleartext in config file.
- CVE-2005-2209: Password in cleartext in config file.
- CVE-2002-1696: Decrypted copy of a message written to disk given a combination of options and when user replies to an encrypted message.
- CVE-2004-2397: Cleartext storage of private key and passphrase in log file when user imports the key.
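
An added example, not part of the original entry: a Python check that flags secret-looking keys in a key=value config file, notes whether a value is only base64-encoded (reversible, as the description points out), and reports whether the file is world-readable. The key-name pattern, the file format and the sample values are assumptions constructed for illustration.

```python
import base64
import os
import re
import stat
import tempfile

# Assumption: key names that usually hold secrets in key=value config files.
SECRET_KEY = re.compile(r"(pass(word|wd|phrase)?|secret|token|private_key)", re.I)
LINE = re.compile(r"^\s*([\w.\-]+)\s*[=:]\s*(.+?)\s*$")


def classify(value):
    """Heuristic: 'base64' if the value decodes to printable text, else 'cleartext'."""
    try:
        text = base64.b64decode(value, validate=True).decode("utf-8")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return "cleartext"
    # Encoding is not encryption: a decodable value is still a finding.
    return "base64" if len(value) >= 8 and text.isprintable() else "cleartext"


def audit(path):
    """Return (world_readable, [(line number, key, storage form), ...])."""
    findings = []
    world_readable = bool(os.stat(path).st_mode & stat.S_IROTH)
    with open(path, encoding="utf-8", errors="replace") as fh:
        for lineno, line in enumerate(fh, 1):
            m = LINE.match(line)
            if m and SECRET_KEY.search(m.group(1)):
                findings.append((lineno, m.group(1), classify(m.group(2))))
    return world_readable, findings


def demo():
    # Constructed sample config; every value here is made up for this example.
    sample = (
        "user = svc_backup\n"
        "password = Winter2024!\n"
        "api_token = c3VwZXItc2VjcmV0LXRva2Vu\n"
    )
    with tempfile.NamedTemporaryFile("w", suffix=".conf", delete=False) as fh:
        fh.write(sample)
    os.chmod(fh.name, 0o644)  # world-readable, as in the first CVE entry
    try:
        return audit(fh.name)
    finally:
        os.unlink(fh.name)


if __name__ == "__main__":
    print(demo())
```

Both findings count as instances of this weakness; the `base64` label only records that the value was trivially decodable rather than stored verbatim.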