CWE-312 - Cleartext Storage of Sensitive Information
- Abstraction:Base
- Structure:Simple
- Status:Draft
- Release Date:2006-07-19
- Latest Modification Date:2025-04-03
Weakness Name
Cleartext Storage of Sensitive Information
Description
The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.
Common Consequences
Scope: Confidentiality
Impact: Read Application Data
Notes: An attacker with access to the system could read sensitive information stored in cleartext (i.e., unencrypted). Even if the information is encoded in a way that is not human-readable, certain techniques could determine which encoding is being used, then decode the information.