CWE-922Insecure Storage of Sensitive Information

PUBLISHEDweakness record
released 2013-07-17 · last modified 2025-12-11

Metadata

CWE ID:
CWE-922
摘要:
Class
结构:
Simple
状态:
Incomplete
发布日期:
2013-07-17
更新日期:
2025-12-11

名称

Insecure Storage of Sensitive Information

描述

The product stores sensitive information without properly limiting read or write access by unauthorized actors.

If read access is not properly restricted, then attackers can steal the sensitive information. If write access is not properly restricted, then attackers can modify and possibly delete the data, causing incorrect results and possibly a denial of service.

常见后果

范围:
Confidentiality
影响:
Read Application Data, Read Files or Directories
注释:
Attackers can read sensitive information by accessing the unrestricted storage mechanism.
范围:
Integrity
影响:
Modify Application Data, Modify Files or Directories
注释:
Attackers can overwrite sensitive information by accessing the unrestricted storage mechanism.

相关 CWE