CWE-922
Insecure Storage of Sensitive Information
AI Translation Available
The product stores sensitive information without properly limiting read or write access by unauthorized actors.
Status
incomplete
Abstraction
class
Affected Platforms
Extended Description
AI Translation
If read access is not properly restricted, then attackers can steal the sensitive information. If write access is not properly restricted, then attackers can modify and possibly delete the data, causing incorrect results and possibly a denial of service.
Technical Details
AI Translation
Common Consequences
confidentiality
integrity
Impacts
read application data
read files or directories
modify application data
modify files or directories
Detection Methods
automated static analysis