CWE-312 Individual Dictionary Definition (Draft 9)

Plaintext Storage of Sensitive Information
Weakness ID: 312 (Weakness Base)
Status: Draft

Description

Summary

The application stores sensitive information in plaintext within a resource that might be accessible to another control sphere, when the information should be encrypted or otherwise protected.

Relationships
Nature     Type               ID    Name
ChildOf    Weakness Base      311   Failure to Encrypt Sensitive Data
ParentOf   Weakness Variant   313   Plaintext Storage in a File or on Disk
ParentOf   Weakness Variant   314   Plaintext Storage in the Registry
ParentOf   Weakness Variant   315   Plaintext Storage in a Cookie
ParentOf   Weakness Variant   316   Plaintext Storage in Memory
ParentOf   Weakness Variant   317   Plaintext Storage in GUI
ParentOf   Weakness Variant   318   Plaintext Storage in Executable

Source Taxonomies

PLOVER - Plaintext Storage of Sensitive Information

Related Attack Patterns
CAPEC-ID   Attack Pattern Name
37         Lifting Data Embedded in Client Distributions

Page Last Updated: April 22, 2008