CWE-256: Plaintext Storage of a Password
Field | Value |
---|---|
ID | CWE-256 |
Abstraction | Base |
Structure | Simple |
Status | Incomplete |
Number of CVEs | 99 |
Storing a password in plaintext may result in a system compromise.
Password management issues occur when a password is stored in plaintext in an application's properties, configuration file, or memory. Storing a plaintext password in a configuration file allows anyone who can read the file access to the password-protected resource. In some contexts, even storage of a plaintext password in memory is considered a security risk if the password is not cleared immediately after it is used.
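A check for the configuration-file case described above, added here as an example (it is not part of the CWE entry): it scans `.properties`-style text for credential keys whose value is a literal rather than an external reference. The key-name list and the `${...}` and `ENC(...)` conventions for non-plaintext values are assumptions about the deployment.

```python
import re

# Key names that usually hold a credential (assumed list, extend for your code base).
SECRET_KEY = re.compile(r"(password|passwd|pwd|passphrase)", re.IGNORECASE)
# Values treated as NOT plaintext: external references and encrypted wrappers.
# Both conventions are assumptions about how the deployment injects secrets.
INDIRECT_VALUE = re.compile(r"^(\$\{[^}]+\}|ENC\(.+\))$")

def find_plaintext_passwords(text):
    """Return (line_number, key) for every credential key with a literal value."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line[0] in "#!":   # blank line or properties comment
            continue
        # .properties files separate key and value with '=' or ':'
        match = re.match(r"([^=:\s]+)\s*[=:]\s*(.*)$", line)
        if not match:
            continue
        key, value = match.group(1), match.group(2).strip()
        if not SECRET_KEY.search(key):
            continue
        if value and not INDIRECT_VALUE.match(value):
            findings.append((lineno, key))   # report the key only, never the value
    return findings

# Constructed sample input, not taken from any real system.
SAMPLE = """\
# database settings
db.url=jdbc:mysql://db.internal.example:3306/app
db.username=app
db.password=Sup3rS3cret!
smtp.password=${SMTP_PASSWORD}
ldap.bind.password: ENC(constructed-ciphertext)
cache.pwd =
"""

if __name__ == "__main__":
    for lineno, key in find_plaintext_passwords(SAMPLE):
        print(f"line {lineno}: '{key}' holds a plaintext password")
```

The function reports the line and key but never the value, so its output can go into CI logs without copying the password somewhere new.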
Modes of Introduction
Phase | Note |
---|---|
Architecture and Design | OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase. |
Architecture and Design | Developers sometimes believe that they cannot defend the application from someone who has access to the configuration, but this belief makes an attacker's job easier. |
Applicable Platforms
Type | Class | Name | Prevalence |
---|---|---|---|
Language | Not Language-Specific | | |
Technology | ICS/OT | | |