CWE-524

Use of Cache Containing Sensitive Information

AI Translation Available

The code uses a cache that contains sensitive information, but the cache can be read by an actor outside of the intended control sphere.

Status

incomplete

Abstraction

base

Affected Platforms

Extended Description

AI Translation

Applications may use caches to improve efficiency when communicating with remote entities or performing intensive calculations. A cache maintains a pool of objects, threads, connections, pages, financial data, passwords, or other resources to minimize the time it takes to initialize and access these resources. If the cache is accessible to unauthorized actors, attackers can read the cache and obtain this sensitive information.

Technical Details

AI Translation

Common Consequences

confidentiality

Impacts

read application data

Detection Methods

automated static analysis

Potential Mitigations

Phases:

architecture and design

Descriptions:

• Protect information stored in cache.

• Consider using encryption in the cache.

• Do not store unnecessarily sensitive information in the cache.

AI Generated Translation

Common Consequences

riservatezza

Impacts

leggere dati applicazione

Detection Methods

analisi statica automatizzata

Potential Mitigations

Phases:

architettura e design

Descriptions:

• Proteggi le informazioni memorizzate nella cache.

• Considera l'uso della crittografia nella cache.

• Non memorizzare nel cache informazioni sensibili in modo non necessario.

CWE-524

Common Consequences

Impacts

Detection Methods

Potential Mitigations

Common Consequences

Impacts

Detection Methods

Potential Mitigations

Iscriviti alla newsletter