The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.
Threat Mapped score: 3.25
Industry: Financial
Threat priority: P2 - Serious (High)
CVE: CVE-2022-30275
Remote Terminal Unit (RTU) uses a driver that relies on a password stored in plaintext.
CVE: CVE-2009-2272
password and username stored in cleartext in a cookie
CVE: CVE-2009-1466
password stored in cleartext in a file with insecure permissions
CVE: CVE-2009-0152
chat program disables SSL in some circumstances even when the user says to use SSL.
CVE: CVE-2009-1603
Chain: product uses an incorrect public exponent when generating an RSA key, which effectively disables the encryption
CVE: CVE-2009-0964
storage of unencrypted passwords in a database
CVE: CVE-2008-6157
storage of unencrypted passwords in a database
CVE: CVE-2008-6828
product stores a password in cleartext in memory
CVE: CVE-2008-1567
storage of a secret key in cleartext in a temporary file
CVE: CVE-2008-0174
SCADA product uses HTTP Basic Authentication, which is not encrypted
CVE: CVE-2007-5778
login credentials stored unencrypted in a registry key
CVE: CVE-2001-1481
Plaintext credentials in world-readable file.
CVE: CVE-2005-1828
Password in cleartext in config file.
CVE: CVE-2005-2209
Password in cleartext in config file.
CVE: CVE-2002-1696
Decrypted copy of a message written to disk given a combination of options and when user replies to an encrypted message.
CVE: CVE-2004-2397
Plaintext storage of private key and passphrase in log file when user imports the key.
CVE: CVE-2002-1800
Admin password in plaintext in a cookie.
CVE: CVE-2001-1537
Default configuration has cleartext usernames/passwords in cookie.
CVE: CVE-2001-1536
Usernames/passwords in cleartext in cookies.
CVE: CVE-2005-2160
Authentication information stored in cleartext in a cookie.
Phase | Note |
---|---|
Architecture and Design | OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase. |
Intro: The following code excerpt stores a plaintext user account ID in a browser cookie.
Body: Because the account ID is in plaintext, the user's account information is exposed if their computer is compromised by an attacker.
```java
// The account ID is placed in the cookie as-is (cleartext).
response.addCookie(new Cookie("userAccountID", acctID));
```
Intro: This code writes a user's login information to a cookie so the user does not have to log in again later.
Body: The code stores the user's username and password in plaintext in a cookie on the user's machine. This exposes the user's login information if their computer is compromised by an attacker. Even if the user's machine is not compromised, this weakness combined with cross-site scripting (CWE-79) could allow an attacker to remotely copy the cookie.
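```php
function persistLogin($username, $password) {
    $data = array("username" => $username, "password" => $password);
    // setcookie() takes a string value, so the array is serialized;
    // the username and password are still stored in cleartext.
    setcookie("userdata", json_encode($data));
}
```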
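A hardened counterpart to the cookie example above, added here as an illustration and not part of the original entry: the cookie carries only an opaque random token, and the server keeps only the token's hash. It is written in Python rather than PHP; `TOKEN_STORE`, `issue_login_cookie`, `user_for_cookie` and `revoke` are hypothetical names, and the in-memory dictionary stands in for a server-side table.

```python
import hashlib
import hmac
import secrets
from http.cookies import SimpleCookie

# Hypothetical server-side store (a database table in practice):
# SHA-256 of the token -> username. The raw token is never kept.
TOKEN_STORE = {}

def _digest(token):
    return hashlib.sha256(token.encode("utf-8")).hexdigest()

def issue_login_cookie(username):
    """Return a Set-Cookie value holding an opaque random token."""
    token = secrets.token_urlsafe(32)   # 256 random bits, no user data
    TOKEN_STORE[_digest(token)] = username
    jar = SimpleCookie()
    jar["userdata"] = token
    jar["userdata"]["httponly"] = True  # hidden from page script (CWE-79)
    jar["userdata"]["secure"] = True    # only sent over HTTPS
    jar["userdata"]["samesite"] = "Strict"
    jar["userdata"]["max-age"] = 14 * 24 * 3600
    return jar["userdata"].OutputString()

def user_for_cookie(cookie_header):
    """Resolve a Cookie request header to a username, or None."""
    jar = SimpleCookie()
    jar.load(cookie_header)
    if "userdata" not in jar:
        return None
    presented = _digest(jar["userdata"].value)
    for stored, username in TOKEN_STORE.items():
        if hmac.compare_digest(stored, presented):
            return username
    return None

def revoke(cookie_header):
    """Log out: forget the token so a copied cookie stops working."""
    jar = SimpleCookie()
    jar.load(cookie_header)
    if "userdata" in jar:
        TOKEN_STORE.pop(_digest(jar["userdata"].value), None)
```

A copied cookie still grants access until it expires or is revoked, but it no longer discloses the password, and a leak of the server-side table does not yield usable tokens.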
Intro: The following code attempts to establish a connection, read in a password, then store it to a buffer.
Body: While successful, the program does not encrypt the data before writing it to a buffer, possibly exposing it to unauthorized actors.
```c
server.sin_family = AF_INET;
hp = gethostbyname(argv[1]);
if (hp == NULL) error("Unknown host");
memcpy((char *)&server.sin_addr, (char *)hp->h_addr, hp->h_length);
/* The port is the optional second argument; default to 80. */
if (argc < 3) port = 80;
else port = (unsigned short)atoi(argv[2]);
server.sin_port = htons(port);
if (connect(sock, (struct sockaddr *)&server, sizeof server) < 0) error("Connecting");
...
while ((n = read(sock, buffer, BUFSIZE - 1)) != -1) {
    /* The data is written out with no encryption applied. */
    write(dfd, password_buffer, n);
    ...
```
Intro: The following examples show a portion of properties and configuration files for Java and ASP.NET applications. The files include username and password information but they are stored in cleartext.
Body: This Java example shows a properties file with a cleartext username / password pair.
```
# Java Web App ResourceBundle properties file
...
webapp.ldap.username=secretUsername
webapp.ldap.password=secretPassword
...
```
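A review check for files like the one above, added here as an example and not part of the original entry: it flags properties keys that hold a literal secret and files readable by group or others, two conditions that recur in the CVE list. The key-name heuristic, the `ENC(...)` and `${...}` indirection conventions and the sample file are assumptions constructed for this example.

```python
import os
import re
import stat
import tempfile

# Key names that usually hold secrets (a constructed heuristic list).
SECRET_KEY = re.compile(r"password|passwd|pwd|secret|token|apikey", re.I)
# Values that point at a secret instead of containing it (assumed forms).
INDIRECT = re.compile(r"^(ENC\(.+\)|\$\{.+\})$")
PAIR = re.compile(r"^([^=:\s]+)\s*[=:]\s*(.*)$")

# Constructed sample, based on the properties fragment shown above.
SAMPLE = """\
# Java Web App ResourceBundle properties file (constructed sample)
webapp.ldap.username=secretUsername
webapp.ldap.password=secretPassword
webapp.db.password=${DB_PASSWORD}
"""

def scan_properties(path):
    """Return findings; secret values themselves are never reported."""
    findings = []
    mode = os.stat(path).st_mode
    if mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append(("permissions", oct(stat.S_IMODE(mode))))
    with open(path, encoding="utf-8") as fh:
        for lineno, raw in enumerate(fh, 1):
            line = raw.strip()
            if not line or line.startswith(("#", "!")):
                continue  # blank line or properties comment
            m = PAIR.match(line)
            if not m:
                continue
            key, value = m.group(1), m.group(2).strip()
            if SECRET_KEY.search(key) and value and not INDIRECT.match(value):
                findings.append(("cleartext", lineno, key))
    return findings

def scan_sample(mode):
    """Write SAMPLE to a temp file with the given mode and scan it."""
    fd, path = tempfile.mkstemp(suffix=".properties")
    try:
        with os.fdopen(fd, "w", encoding="utf-8") as fh:
            fh.write(SAMPLE)
        os.chmod(path, mode)
        return scan_properties(path)
    finally:
        os.unlink(path)
```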
Intro: In 2022, the OT:ICEFALL study examined products by 10 different Operational Technology (OT) vendors. The researchers reported 56 vulnerabilities and said that the products were "insecure by design" [REF-1283]. If exploited, these vulnerabilities often allowed adversaries to change how the products operated, ranging from denial of service to changing the code that the products executed. Since these products were often used in industries such as power, electrical, water, and others, there could even be safety implications.
Body: At least one OT product stored a password in plaintext.
Intro: In 2021, a web site operated by PeopleGIS stored data of US municipalities in Amazon Web Services (AWS) Simple Storage Service (S3) buckets.
A security researcher found 86 S3 buckets that could be accessed without authentication (CWE-306) and stored data unencrypted (CWE-312). These buckets exposed over 1000 GB of data and 1.6 million files including physical addresses, phone numbers, tax documents, pictures of driver's license IDs, etc. [REF-1296] [REF-1295]
Body: While it was not publicly disclosed how the data was protected after discovery, multiple options could have been considered.
Intro: Consider the following PowerShell command examples for encryption scopes of Azure storage objects. In the first example, an encryption scope is set for the storage account.
```powershell
New-AzStorageEncryptionScope -ResourceGroupName "MyResourceGroup" -AccountName "MyStorageAccount" -EncryptionScopeName testscope -StorageEncryption
```
Body: The result (edited and formatted for readability) might be: