CWE-922β€”Insecure Storage of Sensitive Information

PUBLISHEDweakness record
released 2013-07-17 Β· last modified 2025-12-11

Metadata

CWE ID:
CWE-922
Abstraction:
Class
Structure:
Simple
Status:
Incomplete
Release Date:
2013-07-17
Latest Modification Date:
2025-12-11

Weakness Name

Insecure Storage of Sensitive Information

Description

The product stores sensitive information without properly limiting read or write access by unauthorized actors.

If read access is not properly restricted, then attackers can steal the sensitive information. If write access is not properly restricted, then attackers can modify and possibly delete the data, causing incorrect results and possibly a denial of service.

Common Consequences

Scope:
Confidentiality
Impact:
Read Application Data, Read Files or Directories
Notes:
Attackers can read sensitive information by accessing the unrestricted storage mechanism.
Scope:
Integrity
Impact:
Modify Application Data, Modify Files or Directories
Notes:
Attackers can overwrite sensitive information by accessing the unrestricted storage mechanism.

Related Weaknesses