DerScanner
Home / Vulnerability Database / Config files : Sensitive information storage in cleartext in memory
Config files

Config files : Sensitive information storage in cleartext in memory

Classification

OWASP Mobile Top 10 2016
M7-Poor Code Quality
CWE
CWE-316CWE-256CWE-522
CWE/SANS Top 25 2021
CWE-522

Overview

Storing sensitive information in clear text may lead to breach of confidentiality.

Sensitive Data Exposure vulnerabilities take the third place in the “OWASP Top 10 2017” web-application vulnerabilities ranking.

References

  1. CWE-316 - Cleartext Storage of Sensitive Information in Memory
  2. CWE-256 - Plaintext Storage of a Password
  3. CWE-522 - Insufficiently Protected Credentials
  4. How bad is it to store credentials in clear text on disk and in memory?
MEDIUM

DerScanner Severity Score

Do you want to fix Config files : Sensitive information storage in cleartext in memory in your application?

See also

Config files

Config files : Text4Shell Vulnerability

Config files

Config files : Incorrect directory deletion

Config files

Config files : Code injection