Status: Draft
Weakness ID: 317 (Weakness Variant)

Description Summary
Storing sensitive data in plaintext within the GUI makes the data more easily accessible than if encrypted. This significantly lowers the difficulty of exploitation by attackers.

Extended Description
An attacker can often obtain data from a GUI, even if hidden, by using an API to directly access GUI objects such as windows and menus.

Potential Mitigations
Sensitive information should not be stored in plaintext in a GUI. Even if heavy fortifications are in place, sensitive data should be encrypted to prevent the risk of losing confidentiality.

Observed Examples
Relationships
Taxonomy Mappings
Applicable Platforms
Languages: All
Operating Systems: Windows (Sometimes)

Time of Introduction
Architecture and Design

Content History
Submissions: PLOVER. (Externally Mined)
Modifications:
Eric Dalci. Cigital. 2008-07-01. (External) updated Time_of_Introduction
CWE Content Team. MITRE. 2008-09-08. (Internal) updated Applicable_Platforms, Description, Relationships, Taxonomy_Mappings