CWE-256
Plaintext Storage of a Password
Abstraction: Base | Likelihood of exploit: High
What it is
The product stores a password in plaintext within resources such as memory, configuration files, or other files, so that anyone who can read the resource (a local user, a process with the same privileges, a backup or log consumer, an attacker with a file-read primitive) recovers the password directly.
Impact
| Scope | Technical impact |
| --- | --- |
| Access Control | Gain Privileges or Assume Identity |
Mitigations
- [Architecture and Design] Avoid storing passwords in easily accessible locations. A credential the product must itself present to another system (a database or device password used by a driver, for example) cannot be hashed; keep it in an OS credential store or a secrets manager with access restricted to the process that needs it, rather than in a world-readable configuration file.
- [Architecture and Design] For passwords the product verifies, store a salted, deliberately slow cryptographic hash (bcrypt, scrypt, Argon2id, or PBKDF2 with a high iteration count) instead of the plaintext. A single unsalted fast hash such as MD5 or SHA-1 is not an adequate substitute, because identical passwords hash identically and dictionary attacks run at full speed.
- [Implementation] A programmer might attempt to remedy the password management problem by obscuring the password with an encoding function, such as Base64, but this does not protect the password: encoding is reversible by design, and a Base64 value in a configuration file is both easy to recognise and trivial to decode.
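The following is an added example, not text or code from MITRE's CWE entry, showing the three storage patterns the mitigations above contrast: plaintext, Base64 "obfuscation" (recovered with a few lines of code), and a salted slow hash that verifies a password without keeping it. The configuration-file format, the key names, the `SAMPLE_CONFIG` contents and the helper names are hypothetical; the hash is PBKDF2-HMAC-SHA256 from the standard library, chosen here only because it needs no third-party package (Argon2id or bcrypt would be the usual choice in a real code base).

```python
"""Added example for CWE-256: recovering "obscured" plaintext passwords
from a config file, versus storing a salted slow hash.  Config format,
key names and sample data are constructed for this illustration."""
import base64
import binascii
import hashlib
import hmac
import os
import re

# --- The weakness: plaintext, and plaintext wearing a Base64 disguise -------

def store_plaintext(password: str) -> str:
    """CWE-256 as written: the secret goes to disk as-is."""
    return f"db_password={password}"

def store_base64(password: str) -> str:
    """Same weakness: encoding is not encryption, just one decode away."""
    return "db_password=" + base64.b64encode(password.encode()).decode()

_B64_RE = re.compile(r"^[A-Za-z0-9+/]+={0,2}$")

def recover_password(config_line: str) -> str:
    """What an attacker (or an auditor) does with either stored form."""
    _, value = config_line.split("=", 1)
    if _B64_RE.match(value) and len(value) % 4 == 0:
        try:
            decoded = base64.b64decode(value, validate=True)
            if decoded.isascii() and decoded.decode().isprintable():
                return decoded.decode()  # it was Base64-wrapped plaintext
        except (binascii.Error, UnicodeDecodeError):
            pass
    return value  # it was plaintext all along

# Constructed sample config (hypothetical keys; not any real product's file).
SAMPLE_CONFIG = """\
db_user=scada
db_password=VHIwdWI0ZG9yJjM=
api_password=Tr0ub4dor&3
admin_password=pbkdf2_sha256$600000$AAAAAAAAAAAAAAAAAAAAAA==$YWJj
"""
_SECRET_KEY_RE = re.compile(r"(password|passwd|pwd|secret)$", re.IGNORECASE)

def find_recoverable_passwords(config_text: str) -> dict:
    """Audit helper: every secret-looking key whose value is not a password hash."""
    found = {}
    for line in config_text.splitlines():
        if "=" not in line or line.lstrip().startswith("#"):
            continue
        key, value = line.split("=", 1)
        if _SECRET_KEY_RE.search(key) and not value.startswith("pbkdf2_sha256$"):
            found[key] = recover_password(line)
    return found

# --- The mitigation: keep a salted, slow hash, never the password -----------

PBKDF2_ITERATIONS = 600_000  # OWASP's 2023 floor for PBKDF2-HMAC-SHA256

def hash_password(password: str, salt: bytes = b"") -> str:
    """Returns 'pbkdf2_sha256$<iters>$<salt b64>$<digest b64>'.
    A fresh 16-byte random salt is drawn unless one is supplied (tests only)."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return "pbkdf2_sha256${}${}${}".format(
        PBKDF2_ITERATIONS,
        base64.b64encode(salt).decode(),
        base64.b64encode(digest).decode(),
    )

def verify_password(password: str, stored: str) -> bool:
    """Recomputes the hash with the stored salt and iteration count and
    compares in constant time; the plaintext is never persisted."""
    try:
        algo, iters, salt_b64, digest_b64 = stored.split("$")
    except ValueError:
        return False
    if algo != "pbkdf2_sha256":
        return False
    salt = base64.b64decode(salt_b64)
    expected = base64.b64decode(digest_b64)
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, int(iters))
    return hmac.compare_digest(candidate, expected)

if __name__ == "__main__":
    print("recoverable:", find_recoverable_passwords(SAMPLE_CONFIG))
    record = hash_password("Tr0ub4dor&3")
    print("stored:", record)
    print("verify ok:", verify_password("Tr0ub4dor&3", record))
```

Running the audit over the constructed config recovers `db_password` and `api_password` immediately, while `admin_password` is skipped because only a hash is present; the hashed record also verifies the correct password and rejects a near miss without the plaintext ever being written. Note again that hashing only applies to passwords the product checks: an outbound credential has to be retrievable, so its fix is access control on where it lives, not a hash.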
Real-world CVE examples
- CVE-2022-30275 — Remote Terminal Unit (RTU) uses a driver that relies on a password stored in plaintext.
Source: MITRE CWE (cwe.mitre.org).