VariantDraft

CWE-317Cleartext Storage of Sensitive Information in GUI

Category: data-exposure

Description

The product stores sensitive information in cleartext within the GUI. An attacker can often obtain data from a GUI, even if hidden, by using an API to directly access GUI objects such as windows and menus. Even if the information is encoded in a way that is not human-readable, certain techniques could determine which encoding is being used, then decode the information.

Common consequences· 1

  • Confidentiality — Read Memory, Read Application Data

References

  1. https://cwe.mitre.org/data/definitions/317.html

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CWE
Cleartext Storage of Sensitive Information in Executable
CWE
Cleartext Storage in a File or on Disk
CWE
Cleartext Storage of Sensitive Information
CWE
Cleartext Storage in the Registry
CWE
Cleartext Storage of Sensitive Information in Memory
CWE
Plaintext Storage of a Password
Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.