CWE-313

Cleartext Storage in a File or on Disk

Abstraction: Variant
Status: Draft

Description

The product stores sensitive information in cleartext in a file, or on disk.

The sensitive information could be read by attackers with access to the file, or with physical or administrator access to the raw disk. Even if the information is encoded in a way that is not human-readable, certain techniques could determine which encoding is being used, then decode the information.
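An added example, not part of the CWE entry: a heuristic Python audit for the weakness described above. It flags secret-looking settings stored as plain values, values that are only base64-encoded, and files readable beyond their owner. The key-name pattern, the finding labels and the sample config are assumptions constructed for illustration.

```python
import base64
import os
import re
import stat
import tempfile

# Assumed key names that usually hold secrets; extend for your product.
SECRET_KEY = re.compile(
    r"^\s*([\w.-]*(?:passw(?:or)?d|secret|token|api_?key)[\w.-]*)\s*[=:]\s*(\S+)", re.I)

def decodes_to_text(value):
    """Return the decoded text if value is base64 of printable ASCII, else None."""
    try:
        text = base64.b64decode(value, validate=True).decode("ascii")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None
    return text if text and text.isprintable() else None

def audit_file(path):
    """Return (line_no, name, finding) tuples; line_no 0 refers to the file itself."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append((0, path, f"readable by group/other (mode {mode:o})"))
    with open(path, encoding="utf-8", errors="replace") as fh:
        for no, line in enumerate(fh, 1):
            m = SECRET_KEY.match(line)
            if not m:
                continue
            value = m.group(2).strip("'\"")
            encoded = decodes_to_text(value) is not None
            finding = "base64-encoded, not encrypted" if encoded else "cleartext value"
            findings.append((no, m.group(1), finding))
    return findings

def demo(mode=0o644):
    """Audit a constructed sample config written with the given file mode."""
    token = base64.b64encode(b"s3cr3t-t0k3n").decode()
    sample = f"# constructed sample\ndb_user = app\ndb_password = hunter2\napi_token = {token}\n"
    fd, path = tempfile.mkstemp(suffix=".conf")
    try:
        with os.fdopen(fd, "w") as fh:
            fh.write(sample)
        os.chmod(path, mode)
        return audit_file(path)
    finally:
        os.remove(path)

if __name__ == "__main__":
    for item in demo():
        print(item)
```

Tightening the file mode removes only the permission finding; the stored values stay recoverable by anyone with administrator or raw-disk access.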

Common Consequences

Scope: Confidentiality
Impact: Read Application Data

Observed Examples

CVE-2001-1481: Cleartext credentials in world-readable file.
CVE-2005-1828: Password in cleartext in config file.
CVE-2005-2209: Password in cleartext in config file.
CVE-2002-1696: Decrypted copy of a message written to disk given a combination of options and when user replies to an encrypted message.
CVE-2004-2397: Cleartext storage of private key and passphrase in log file when user imports the key.

Applicable Platforms

Not Language-Specific
