CWE

Plaintext Storage in the Registry

ID: 314		Date: (C)2012-05-14   (M)2022-10-10
Type: weakness		Status: DRAFT
Abstraction Type: Variant

Description

Storing sensitive data in plaintext in the registry makes the data more easily accessible than if encrypted. This significantly lowers the difficulty of exploitation by attackers.

Applicable Platforms
Language Class: All

Time Of Introduction

• Architecture and Design

Related Attack Patterns

• CAPEC-37

Common Consequences

Scope	Technical Impact	Notes
Confidentiality	Read application data

Detection Methods
None

Potential Mitigations

Phase	Strategy	Description	Effectiveness	Notes
		Sensitive information should not be stored in plaintext in a registry. Even if heavy fortifications are in place, sensitive data should be encrypted to prevent the risk of losing confidentiality.

Relationships

Related CWE	Type	View	Chain
CWE-314 ChildOf CWE-895	Category	CWE-888

Demonstrative Examples
None

Observed Examples

1. CVE-2005-2227 : Plaintext passwords in registry key.

For more examples, refer to CVE relations in the bottom box.

White Box Definitions
None

Black Box Definitions
None

Taxynomy Mappings

Taxynomy	Id	Name	Fit
PLOVER		Plaintext Storage in Registry

References:
None