CWE

Information Exposure Through Caching

ID: 524		Date: (C)2012-05-14   (M)2022-10-10
Type: weakness		Status: INCOMPLETE
Abstraction Type: Variant

Description

The application uses a cache to maintain a pool of objects, threads, connections, pages, or passwords to minimize the time it takes to access them or the resources to which they connect. If implemented improperly, these caches can allow access to unauthorized information or cause a denial of service vulnerability.

Applicable Platforms
None

Time Of Introduction

• Implementation

Common Consequences

Scope	Technical Impact	Notes
Confidentiality	Read application data

Detection Methods
None

Potential Mitigations

Phase	Strategy	Description	Effectiveness	Notes
Architecture and Design		Protect information stored in cache.
Architecture and Design		Do not store unnecessarily sensitive information in the cache.
Architecture and Design		Consider using encryption in the cache.

Relationships

Related CWE	Type	View	Chain
CWE-524 ChildOf CWE-895	Category	CWE-888

Demonstrative Examples
None

White Box Definitions
None

Black Box Definitions
None

Taxynomy Mappings

Taxynomy	Id	Name	Fit
Anonymous Tool Vendor (under NDA)

References:
None