CWE-311 – Missing Encryption of Sensitive Data
Description The software does not encrypt sensitive or critical information before storage or transmission. The lack of proper data encryption passes up the guarantees of...
CWE-312 – Cleartext Storage of Sensitive Information
Description The application stores sensitive information in cleartext within a resource that might be accessible to another control sphere. Because the information is stored in...