CWE-922—Insecure Storage of Sensitive Information
PUBLISHEDweakness record
released 2013-07-17 · last modified 2025-12-11
Metadata
名称
Insecure Storage of Sensitive Information
描述
The product stores sensitive information without properly limiting read or write access by unauthorized actors.
If read access is not properly restricted, then attackers can steal the sensitive information. If write access is not properly restricted, then attackers can modify and possibly delete the data, causing incorrect results and possibly a denial of service.