CWE-922
Insecure Storage of Sensitive Information
Class
What it is
The product stores sensitive information without properly limiting read or write access by unauthorized actors.
If read access is not properly restricted, then attackers can steal the sensitive information. If write access is not properly restricted, then attackers can modify and possibly delete the data, causing incorrect results and possibly a denial of service.
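An added example for POSIX file storage, not taken from the MITRE entry: it stores one secret with loose permissions and one with owner-only permissions, then audits both for the read and write exposure described above. The function names (`store_secret`, `audit`, `demo`), file names and token value are constructed for illustration.

```python
import os
import stat
import tempfile


def store_secret(path: str, secret: bytes) -> None:
    """Create the file owner-only (0600) before any secret byte is written."""
    # O_EXCL refuses to reuse a file that was pre-created with looser permissions.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    try:
        os.fchmod(fd, 0o600)  # explicit, independent of the process umask
        os.write(fd, secret)
    finally:
        os.close(fd)


def audit(path: str) -> list[str]:
    """Return the exposures of one file, split into read and write access."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    findings = []
    if mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append("confidentiality: readable by group/other")
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("integrity: writable by group/other")
    return findings


def demo() -> dict[str, list[str]]:
    """Constructed sample: one loosely stored secret and one restricted one."""
    with tempfile.TemporaryDirectory() as d:
        weak = os.path.join(d, "weak.token")
        with open(weak, "wb") as f:
            f.write(b"constructed-sample-token")
        os.chmod(weak, 0o666)  # simulates a permissive umask or careless chmod
        strong = os.path.join(d, "strong.token")
        store_secret(strong, b"constructed-sample-token")
        return {"weak": audit(weak), "strong": audit(strong)}


if __name__ == "__main__":
    for name, findings in demo().items():
        print(name, findings or "ok")
```

The same `audit` check can run in CI or at service start-up against the paths where the product keeps credentials, failing the run when it returns any finding.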
Impact
| Scope | Impact |
| --- | --- |
| Confidentiality | Read Application Data, Read Files or Directories |
| Integrity | Modify Application Data, Modify Files or Directories |
Real-world CVE examples
- CVE-2009-2272 — password and username stored in cleartext in a cookie
Source: MITRE CWE (cwe.mitre.org).