CWE-317
Cleartext Storage of Sensitive Information in GUI
Description
The product stores sensitive information in cleartext within the GUI.
An attacker can often obtain data from a GUI, even if hidden, by using an API to directly access GUI objects such as windows and menus. Even if the information is encoded in a way that is not human-readable, certain techniques could determine which encoding is being used, then decode the information.
Parent Weaknesses (ChildOf)
Common Consequences
Scope
Impact
Read Memory, Read Application Data
CVE-2002-1848Unencrypted passwords stored in GUI dialog may allow local users to access the passwords.
Applicable Platforms
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now