CWE-257

Storing Passwords in a Recoverable Format

AI Translation Available

The storage of passwords in a recoverable format makes them subject to password reuse attacks by malicious users. In fact, it should be noted that recoverable encrypted passwords provide no significant benefit over plaintext passwords since they are subject not only to reuse by malicious attackers but also by malicious insiders. If a system administrator can recover a password directly, or use a brute force search on the available information, the administrator can use the password on other accounts.

Status

incomplete

Abstraction

base

Likelihood

high

Affected Platforms

Technical Details

AI Translation

Common Consequences

confidentiality access control

Impacts

gain privileges or assume identity

Detection Methods

automated static analysis

Potential Mitigations

Phases:

architecture and design

Descriptions:

• Use strong, non-reversible encryption to protect stored passwords.

AI Generated Translation

Common Consequences

riservatezza controllo degli accessi

Impacts

ottenere privilegi o assumere identità

Detection Methods

analisi statica automatizzata

Potential Mitigations

Phases:

architettura e design

Descriptions:

• Utilizzare crittografia forte e non reversibile per proteggere le password memorizzate.

CWE-257

Common Consequences

Impacts

Detection Methods

Potential Mitigations

Common Consequences

Impacts

Detection Methods

Potential Mitigations

Iscriviti alla newsletter