CWE-318: Cleartext Storage of Sensitive Information in Executable

Description

The product stores sensitive information in cleartext in an executable.

Extended Description

Attackers can reverse engineer binary code to obtain secret data. This is especially easy when the cleartext is plain ASCII. Even if the information is encoded in a way that is not human-readable, certain techniques could determine which encoding is being used, then decode the information.

ThreatScore

Threat Mapped score: 3.0

Industry: Finiancial

Threat priority: P2 - Serious (High)

Observed Examples (CVEs)

CVE: CVE-2005-1794

Product stores RSA private key in a DLL and uses it to sign a certificate, allowing spoofing of servers and Adversary-in-the-Middle (AITM) attacks.
CVE: CVE-2001-1527

administration passwords in cleartext in executable

Related Attack Patterns (CAPEC)

Attack TTPs

T1040 — Network Sniffing (credential-access, discovery)
T1005 — Data from Local System (collection)
T1552.004 — Private Keys (credential-access)

Malware

APTs (Intrusion Sets)

Modes of Introduction

Phase	Note
Implementation	N/A

Common Consequences

Impact: Read Application Data — Notes:

Potential Mitigations

None listed.

Applicable Platforms

None (Not Language-Specific, Undetermined)

Demonstrative Examples

N/A

Notes

Terminology: Different people use "cleartext" and "plaintext" to mean the same thing: the lack of encryption. However, within cryptography, these have more precise meanings. Plaintext is the information just before it is fed into a cryptographic algorithm, including already-encrypted text. Cleartext is any information that is unencrypted, although it might be in an encoded form that is not easily human-readable (such as base64 encoding).

← Back to CWE list