CWE-318: Cleartext Storage of Sensitive Information in Executable
Weakness ID: 318
The application stores sensitive information in cleartext in an executable.
Attackers can reverse engineer binary code to obtain secret data. This is especially easy when the cleartext is plain ASCII. Even if the information is encoded in a way that is not human-readable, certain techniques could determine which encoding is being used, then decode the information.
Different people use "cleartext" and "plaintext" to mean the same thing:
the lack of encryption. However, within cryptography, these have more
precise meanings. Plaintext is the information just before it is fed into a
cryptographic algorithm, including already-encrypted text. Cleartext is any
information that is unencrypted, although it might be in an encoded form
that is not easily human-readable (such as base64 encoding).
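A build-time check for this weakness, as an added example that is not part of the CWE entry: it searches a release artifact for secrets the team already knows, both in plain ASCII and in encodings that are still cleartext, such as base64. The function names, the secret value and the sample images are constructed for illustration.

```python
import base64


def encoded_forms(secret: bytes) -> dict[str, bytes]:
    """Byte patterns under which the secret is still cleartext (no key needed to read it)."""
    return {
        "ascii": secret,
        # Wide strings, as commonly stored in Windows binaries.
        "utf-16le": secret.decode("utf-8").encode("utf-16le"),
        # Padding stripped so padded and unpadded copies both match; this only
        # covers a secret that was base64-encoded on its own, not inside a longer string.
        "base64": base64.b64encode(secret).rstrip(b"="),
        "hex": secret.hex().encode(),
        "HEX": secret.hex().upper().encode(),
    }


def scan_image(image: bytes, secrets: dict[str, bytes]) -> list[tuple[str, str, int]]:
    """Return (secret name, encoding, offset) for every occurrence found in the image."""
    findings = []
    for name, secret in secrets.items():
        for encoding, pattern in encoded_forms(secret).items():
            offset = image.find(pattern)
            while offset != -1:
                findings.append((name, encoding, offset))
                offset = image.find(pattern, offset + 1)
    return sorted(findings, key=lambda f: f[2])


# Constructed sample: a fake executable image holding one made-up secret three
# ways (plain ASCII, base64, UTF-16LE), and a second image holding none.
SECRET = b"constructed-db-password-01"
HEADER = b"\x7fELF\x02\x01\x01" + b"\x00" * 9
SAMPLE_IMAGE = (
    HEADER
    + b"db_pass=" + SECRET + b"\x00"
    + b"\x90" * 4
    + base64.b64encode(SECRET) + b"\x00"
    + SECRET.decode("utf-8").encode("utf-16le") + b"\x00\x00"
)
CLEAN_IMAGE = HEADER + b"db_pass_env=DB_PASSWORD\x00"

if __name__ == "__main__":
    for name, encoding, offset in scan_image(SAMPLE_IMAGE, {"db_password": SECRET}):
        print(f"{name}: found as {encoding} at offset {offset:#x}")
```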