Base · Incomplete

CWE-256: Plaintext Storage of a Password

Category: auth

Description

The product stores a password in plaintext within resources such as memory or files.

Common consequences · 1

  • Access Control — Gain Privileges or Assume Identity
    Storing a plaintext password in a configuration file allows anyone who can read the file to access the password-protected resource. In some contexts, even storage of a plaintext password in memory is considered a security risk if the password is not cleared immediately after it is used.

Potential mitigations · 3

  • [Architecture and Design] Avoid storing passwords in easily accessible locations.
  • [Architecture and Design] Consider storing cryptographic hashes of passwords as an alternative to storing in plaintext.
  • A programmer might attempt to remedy the password management problem by obscuring the password with an encoding function, such as Base64 encoding, but this effort does not adequately protect the password because the encoding can be detected and decoded easily.
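
The second and third mitigations side by side, as an added example that is not part of the CWE entry: a Base64-"obscured" password is recovered with no key, while a salted PBKDF2 record can only be verified against a candidate. The record format, function names and iteration count are assumptions made for this illustration.

```python
import base64
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256


def obscure_b64(password: str) -> str:
    """The 'remedy' the entry warns about: an encoding, not protection."""
    return base64.b64encode(password.encode()).decode()


def recover_b64(stored: str) -> str:
    """Anyone who can read the stored value reverses it without a key."""
    return base64.b64decode(stored).decode()


def hash_password(password: str) -> str:
    """Store a random salt and the derived key instead of the password."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${dk.hex()}"


def verify_password(candidate: str, stored: str) -> bool:
    """Re-derive from the candidate and compare in constant time."""
    try:
        scheme, iters, salt_hex, dk_hex = stored.split("$")
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(dk_hex)
        rounds = int(iters)
    except ValueError:
        return False  # malformed record: fail closed
    if scheme != "pbkdf2_sha256" or rounds <= 0:
        return False
    dk = hashlib.pbkdf2_hmac("sha256", candidate.encode(), salt, rounds)
    return hmac.compare_digest(dk, expected)


if __name__ == "__main__":
    pw = "s3cret"  # constructed sample value
    print("base64 stored   :", obscure_b64(pw))
    print("base64 recovered:", recover_b64(obscure_b64(pw)))
    record = hash_password(pw)
    print("hashed record   :", record)
    print("verify correct  :", verify_password(pw, record))
    print("verify wrong    :", verify_password("S3cret", record))
```

Hashing fits the case where the product verifies passwords it receives. A credential the product must present to another system cannot be hashed and belongs in a secret store or OS keyring instead.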

References

  1. https://cwe.mitre.org/data/definitions/256.html

(incoming) · 8

Type           Target          Confidence  Tier
Vulnerability  CVE-2025-15113  0%          live
Vulnerability  CVE-2025-27656  0%          live
Vulnerability  CVE-2025-27662  0%          live
Vulnerability  CVE-2025-52164  0%          live
Vulnerability  CVE-2025-5893   0%          live
Vulnerability  CVE-2025-6560   0%          live
Vulnerability  CVE-2025-6561   0%          live
Vulnerability  CVE-2026-21660  0%          live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE: Cleartext Storage in a File or on Disk
  • CWE: Cleartext Storage of Sensitive Information in Memory
  • CWE: Cleartext Storage of Sensitive Information
  • CWE: Cleartext Storage of Sensitive Information in GUI
  • CWE: Password in Configuration File
  • CWE: Cleartext Storage of Sensitive Information in Executable

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.