CWE-525βUse of Web Browser Cache Containing Sensitive Information
PUBLISHEDweakness record
released 2006-07-19 Β· last modified 2026-04-30
Metadata
- CWE ID:
- CWE-525
- Abstraction:
- Variant
- Structure:
- Simple
- Status:
- Incomplete
- Release Date:
- 2006-07-19
- Latest Modification Date:
- 2026-04-30
Weakness Name
Use of Web Browser Cache Containing Sensitive Information
Description
The web application does not use an appropriate caching policy that specifies the extent to which each web page and associated form fields should be cached.
Common Consequences
- Scope:
- Confidentiality
- Impact:
- Read Application Data
- Notes:
- Browsers often store information in a client-side cache, which can leave behind sensitive information for other users to find and exploit, such as passwords or credit card numbers. The locations at most risk include public terminals, such as those in libraries and Internet cafes.