CWE•Base•Incomplete•1 recent CVE
CWE-921Storage of Sensitive Data in a Mechanism without Access Control
Description
The product stores sensitive information in a file system or device that does not have built-in access control.
[object Object]
Common consequences
- Confidentiality→Read Application Data,Read Files or DirectoriesAttackers can read sensitive information by accessing the unrestricted storage mechanism.
- Integrity→Modify Application Data,Modify Files or DirectoriesAttackers can modify or delete sensitive information by accessing the unrestricted storage mechanism.