CWE-524Use of Cache Containing Sensitive Information

PUBLISHEDweakness record
released 2006-07-19 · last modified 2026-04-30

Metadata

CWE ID:
CWE-524
摘要:
Base
结构:
Simple
状态:
Incomplete
发布日期:
2006-07-19
更新日期:
2026-04-30

名称

Use of Cache Containing Sensitive Information

描述

The code uses a cache that contains sensitive information, but the cache can be read by an actor outside of the intended control sphere.

Applications may use caches to improve efficiency when communicating with remote entities or performing intensive calculations. A cache maintains a pool of objects, threads, connections, pages, financial data, passwords, or other resources to minimize the time it takes to initialize and access these resources. If the cache is accessible to unauthorized actors, attackers can read the cache and obtain this sensitive information.

常见后果

范围:
Confidentiality
影响:
Read Application Data

相关 CWE

相关警报