CWE-312Cleartext Storage of Sensitive Information

PUBLISHEDweakness record
released 2006-07-19 · last modified 2025-12-11
CWE-312 - Cleartext Storage of Sensitive Information - Diagram

Metadata

CWE ID:
CWE-312
摘要:
Base
结构:
Simple
状态:
Draft
发布日期:
2006-07-19
更新日期:
2025-12-11

名称

Cleartext Storage of Sensitive Information

描述

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

常见后果

范围:
Confidentiality
影响:
Read Application Data
注释:
An attacker with access to the system could read sensitive information stored in cleartext (i.e., unencrypted). Even if the information is encoded in a way that is not human-readable, certain techniques could determine which encoding is being used, then decode the information.

相关 CWE