CWE-312β€”Cleartext Storage of Sensitive Information

PUBLISHEDweakness record
released 2006-07-19 Β· last modified 2025-12-11
CWE-312 - Cleartext Storage of Sensitive Information - Diagram

Metadata

CWE ID:
CWE-312
Abstraction:
Base
Structure:
Simple
Status:
Draft
Release Date:
2006-07-19
Latest Modification Date:
2025-12-11

Weakness Name

Cleartext Storage of Sensitive Information

Description

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

Common Consequences

Scope:
Confidentiality
Impact:
Read Application Data
Notes:
An attacker with access to the system could read sensitive information stored in cleartext (i.e., unencrypted). Even if the information is encoded in a way that is not human-readable, certain techniques could determine which encoding is being used, then decode the information.

Related Weaknesses