|Name ||Lifting cached, sensitive data embedded in client distributions (thick or thin) |
|Summary ||An attacker examines a target application's cache for sensitive information. Many applications that communicate with remote entities or which perform intensive calculations utilize caches to improve efficiency. However, if the application computes or receives sensitive information and the cache is not appropriately protected, an attacker can browse the cache and retrieve this information. This can result in the disclosure of sensitive information. |
|Prerequisites ||The target application must store sensitive information in a cache.
The cache must be inadequately protected against attacker access. |
|Solutions || |
|CWE ID ||Description |
|CWE-311 ||Missing Encryption of Sensitive Data |