CWE-312βCleartext Storage of Sensitive Information
PUBLISHEDweakness record
released 2006-07-19 Β· last modified 2025-12-11
Metadata
- CWE ID:
- CWE-312
- Abstraction:
- Base
- Structure:
- Simple
- Status:
- Draft
- Release Date:
- 2006-07-19
- Latest Modification Date:
- 2025-12-11
Weakness Name
Cleartext Storage of Sensitive Information
Description
The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.
Common Consequences
- Scope:
- Confidentiality
- Impact:
- Read Application Data
- Notes:
- An attacker with access to the system could read sensitive information stored in cleartext (i.e., unencrypted). Even if the information is encoded in a way that is not human-readable, certain techniques could determine which encoding is being used, then decode the information.