CWE-922: Insecure Storage of Sensitive Information

Description

The product stores sensitive information without properly limiting read or write access by unauthorized actors.

Submission Date :

June 23, 2013, midnight

Modification Date :

2023-10-26 00:00:00+00:00

Organization :

MITRE
Extended Description

If read access is not properly restricted, then attackers can steal the sensitive information. If write access is not properly restricted, then attackers can modify and possibly delete the data, causing incorrect results and possibly a denial of service.

Related Weaknesses

This table shows the weaknesses and high level categories that are related to this weakness. These relationships are defined to give an overview of the different insight to similar items that may exist at higher and lower levels of abstraction.

CWE-312: Cleartext Storage of Sensitive Information
Go to
CWE-664: Improper Control of a Resource Through its Lifetime
Go to
CWE-921: Storage of Sensitive Data in a Mechanism without Access Control
Go to

Visit http://cwe.mitre.org/ for more details.