CWE-922

Insecure Storage of Sensitive Information

Abstraction: Class
Status: Incomplete

Description

The product stores sensitive information without properly limiting read or write access by unauthorized actors.

If read access is not properly restricted, then attackers can steal the sensitive information. If write access is not properly restricted, then attackers can modify and possibly delete the data, causing incorrect results and possibly a denial of service.
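The read and write exposure described above can be checked directly on a POSIX filesystem. The following is an added example, not part of the CWE entry; the function names `write_secret` and `audit_exposure` and the sample file contents are constructed for illustration.

```python
import os
import stat
import tempfile

def write_secret(path, data):
    """Create the file owner-only from the start, so it is never briefly wider."""
    # O_EXCL refuses to reuse a file someone else pre-created at this path.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as f:
        os.fchmod(fd, 0o600)  # explicit, independent of the process umask
        f.write(data)

def audit_exposure(path):
    """Return findings where non-owners can read or write the stored data."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    findings = []
    if mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append("readable by group/other")
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("writable by group/other")
    # A writable parent lets others delete or replace the file even if the
    # file itself is 0600; the sticky bit limits that to the file's owner.
    parent = os.path.dirname(os.path.abspath(path))
    pmode = stat.S_IMODE(os.stat(parent).st_mode)
    if pmode & (stat.S_IWGRP | stat.S_IWOTH) and not pmode & stat.S_ISVTX:
        findings.append("parent directory writable by non-owners")
    return findings

def demo():
    """Compare a loosely stored secret with a restricted one (constructed data)."""
    with tempfile.TemporaryDirectory() as d:  # directory is created 0700
        weak = os.path.join(d, "weak.cfg")
        with open(weak, "wb") as f:
            f.write(b"api_key=EXAMPLE-NOT-A-REAL-KEY\n")
        os.chmod(weak, 0o666)  # the weakness: anyone may read and modify
        strong = os.path.join(d, "strong.cfg")
        write_secret(strong, b"api_key=EXAMPLE-NOT-A-REAL-KEY\n")
        return audit_exposure(weak), audit_exposure(strong)

if __name__ == "__main__":
    weak_findings, strong_findings = demo()
    print("weak.cfg:  ", weak_findings)
    print("strong.cfg:", strong_findings)
```

The parent-directory check matters for the write-access half of the description: deleting or replacing a file is governed by the directory's permissions, not the file's.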

Common Consequences

Scope: Confidentiality
Impact: Read Application Data, Read Files or Directories

Scope: Integrity
Impact: Modify Application Data, Modify Files or Directories

CVE-2009-2272: password and username stored in cleartext in a cookie

Applicable Platforms

Not Language-Specific
