CWE-256
Plaintext Storage of a Password
The product stores a password in plaintext within resources such as memory or files.
Status
incomplete
Abstraction
base
Likelihood
high
Affected Platforms
ICS/OT
Technical Details
Common Consequences
access control
Impacts
gain privileges or assume identity
Detection Methods
automated static analysis
Potential Mitigations
Phases:
architecture and design
Descriptions:
• Consider storing cryptographic hashes of passwords as an alternative to storing in plaintext.
• Avoid storing passwords in easily accessible locations.
• A programmer might attempt to remedy the password management problem by obscuring the password with an encoding function, such as base 64 encoding, but this effort does not adequately protect the password because the encoding can be detected and decoded easily.
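The mitigations above, as an added example that is not part of the CWE entry: it puts plaintext and base64 storage beside a salted, iterated hash for passwords the product verifies at login. The function names, the record format and the choice of PBKDF2-HMAC-SHA256 with 600,000 iterations are assumptions made here; the entry itself only says "cryptographic hashes".

```python
import base64
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor; tune for the deployment's hardware


def store_plaintext(password: str) -> str:
    """Weak (CWE-256): the stored record is the password itself."""
    return password


def store_base64(password: str) -> str:
    """Weak: an encoding has no key, so it hides nothing from a reader."""
    return base64.b64encode(password.encode()).decode()


def recover_from_base64(record: str) -> str:
    """What anyone who can read the store does with a base64 record."""
    return base64.b64decode(record).decode()


def store_hashed(password: str) -> str:
    """Keep only a random salt and the derived digest, never the password."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_hashed(record: str, candidate: str) -> bool:
    """Re-derive with the stored salt and compare in constant time."""
    parts = record.split("$")
    if len(parts) != 4 or parts[0] != "pbkdf2_sha256":
        return False  # malformed or unknown record: reject, do not guess
    try:
        rounds, salt, expected = int(parts[1]), bytes.fromhex(parts[2]), bytes.fromhex(parts[3])
    except ValueError:
        return False
    derived = hashlib.pbkdf2_hmac("sha256", candidate.encode(), salt, rounds)
    return hmac.compare_digest(derived, expected)


if __name__ == "__main__":
    pw = "constructed-sample-Passw0rd"  # constructed sample value
    print("base64 record decodes to:", recover_from_base64(store_base64(pw)))
    record = store_hashed(pw)
    print("hashed record:", record)
    print("correct / wrong:", verify_hashed(record, pw), verify_hashed(record, "guess"))
```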