CWE-312
Cleartext Storage of Sensitive Information
The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.
Status
draft
Abstraction
base
Affected Platforms
Cloud Computing
ICS/OT
Mobile
Technical Details
Common Consequences
confidentiality
Impacts
read application data
Detection Methods
automated static analysis
Potential Mitigations
Phases:
implementation
system configuration
operation
Descriptions:
• In some systems/environments such as cloud, the use of "double encryption" (at both the software and hardware layer) might be required, and the developer might be solely responsible for both layers, instead of shared responsibility with the administrator of the broader system/environment.
• When storing data in the cloud (e.g., S3 buckets, Azure blobs, Google Cloud Storage, etc.), use the provider's controls to encrypt the data at rest. [REF-1297] [REF-1299] [REF-1301]