CWE-256 - Plaintext Storage of a Password

  • Abstraction: Base
  • Structure: Simple
  • Status: Incomplete
  • Published: 2006-07-19
  • Updated: 2025-12-11

Name

Plaintext Storage of a Password

Description

The product stores a password in plaintext within resources such as memory or files.

Common Consequences

Scope: Access Control

Impact: Gain Privileges or Assume Identity

Note: Storing a plaintext password in a configuration file allows anyone who can read the file to access the password-protected resource. In some contexts, even storage of a plaintext password in memory is considered a security risk if the password is not cleared immediately after it is used.
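
An added example (not part of the CWE entry) contrasting plaintext storage with a salted PBKDF2 verifier, for the case where the product only needs to check a password, plus best-effort clearing of the in-memory copy after use. The function names, JSON record layout and iteration count are assumptions of this example.

```python
import hashlib, hmac, json, os

ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor (assumed value for this example)

def store_plaintext(path, user, password):
    """Weak form (CWE-256): anyone who can read the file learns the password."""
    with open(path, "w") as f:
        json.dump({"user": user, "password": password.decode()}, f)

def wipe(buf):
    """Best-effort clearing of a mutable buffer; copies made elsewhere are not reached."""
    for i in range(len(buf)):
        buf[i] = 0

def store_verifier(path, user, password):
    """Hardened form: persist a salted, slow hash, then clear the in-memory password."""
    salt = os.urandom(16)
    try:
        digest = hashlib.pbkdf2_hmac("sha256", password, salt, ITERATIONS)
    finally:
        wipe(password)  # password must be a bytearray so it can be overwritten
    record = {"user": user, "salt": salt.hex(), "iter": ITERATIONS, "hash": digest.hex()}
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)  # owner-only file
    with os.fdopen(fd, "w") as f:
        json.dump(record, f)

def check_password(path, password):
    """Recompute the hash from the candidate and compare in constant time."""
    with open(path) as f:
        rec = json.load(f)
    try:
        digest = hashlib.pbkdf2_hmac(
            "sha256", password, bytes.fromhex(rec["salt"]), rec["iter"])
    finally:
        wipe(password)
    return hmac.compare_digest(digest, bytes.fromhex(rec["hash"]))

def file_reveals(path, secret):
    """True if the stored file contains the password bytes verbatim."""
    with open(path, "rb") as f:
        return secret in f.read()
```

A password that the product must present to another service cannot be replaced by a hash; the verifier form applies only to passwords the product checks itself.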

Related CWEs