Name Retrieve Embedded Sensitive Data
Summary An attacker examines a target system to find sensitive data that has been embedded within it. This information can reveal confidential contents, such as account numbers or individual keys/credentials that can be used as an intermediate step in a larger attack.
Prerequisites In order to feasibly execute this type of attack, some valuable data must be present in client software. Additionally, this information must be unprotected, or protected in a flawed fashion, or through a mechanism that fails to resist reverse engineering, statistical, or other attack.
Solutions
Related Weaknesses
CWE ID Description
CWE-311 Missing Encryption of Sensitive Data
CWE-312 Cleartext Storage of Sensitive Information
CWE-314 Cleartext Storage in the Registry
CWE-315 Cleartext Storage of Sensitive Information in a Cookie
CWE-318 Cleartext Storage of Sensitive Information in Executable
CWE-525 Use of Web Browser Cache Containing Sensitive Information
Back to Top