Tag Archives: CWE- 921

CWE-921 – Storage of Sensitive Data in a Mechanism without Access Control

Read Time:24 Second

Description

The software stores sensitive information in a file system or device that does not have built-in access control.

Modes of Introduction:

– Architecture and Design

Likelihood of Exploit:

 

Related Weaknesses

CWE-922

 

Consequences

Confidentiality: Read Application Data, Read Files or Directories

Attackers can read sensitive information by accessing the unrestricted storage mechanism.

Integrity: Modify Application Data, Modify Files or Directories

Attackers can modify or delete sensitive information by accessing the unrestricted storage mechanism.

 

Potential Mitigations

CVE References