Description
The product stores sensitive information in cleartext in the registry.
Attackers can read the information by accessing the registry key. Even if the information is encoded in a way that is not human-readable, certain techniques could determine which encoding is being used, then decode the information.
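An added example, not part of the original entry: a Python audit that parses a registry export and reports secret-named values that are readable as cleartext or through a trivially reversible encoding (base64, or text held in a binary value), the case the description warns about. The export, key path and value names are constructed, and single-line values are assumed.

```python
import base64
import re

# Constructed sample in .reg export format; the key and value names are hypothetical.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\ExampleVendor\ExampleApp]
"Password"="Winter2024!"
"ApiToken"="czNjcjN0LXRva2VuLXZhbHVl"
"Secret"=hex:70,00,77,00,31,00,32,00,33,00
"WindowWidth"=dword:00000320
"PasswordBlob"=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb
'''

SECRET_NAME = re.compile(r'pass|pwd|secret|token|credential', re.I)
VALUE_LINE = re.compile(r'^"([^"]+)"=(.+)$')
BASE64 = re.compile(r'(?:[A-Za-z0-9+/]{4}){2,}(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?')

def printable(raw):
    # Text if raw is printable ASCII, stored as ASCII or UTF-16LE; otherwise None.
    for encoding in ('ascii', 'utf-16-le'):
        try:
            text = raw.decode(encoding).rstrip('\x00')
        except UnicodeDecodeError:
            continue
        if text and text.isascii() and text.isprintable():
            return text
    return None

def classify(data):
    # (kind, recovered text) when the value is readable without any key, else None.
    if data.startswith('hex:'):
        text = printable(bytes.fromhex(data[4:].replace(',', '')))
        return ('hex-text', text) if text else None
    if not data.startswith('"'):
        return None  # dword and other value types are out of scope here
    text = data[1:-1]
    decoded = printable(base64.b64decode(text)) if BASE64.fullmatch(text) else None
    return ('base64', decoded) if decoded else ('cleartext', text)

def audit(reg_text):
    # (key, value name, kind, recovered text) for each readable secret-named value.
    findings, key = [], None
    for line in reg_text.splitlines():
        m = VALUE_LINE.match(line)
        if line.startswith('['):
            key = line.strip('[]')
        elif m and SECRET_NAME.search(m[1]) and (hit := classify(m[2])):
            findings.append((key, m[1], *hit))
    return findings
```

The `PasswordBlob` value is not reported because its bytes do not decode to text; that says only that it is not trivially readable, not that it is adequately protected.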
Potential Impact
Confidentiality: Read Application Data
Real-World CVE Examples
| CVE ID | Description |
|---|---|
| CVE-2005-2227 | Cleartext passwords in registry key. |
Related Weaknesses
Taxonomy Mappings
- PLOVER: Plaintext Storage in Registry
- Software Fault Patterns: SFP23 — Exposed Data
Frequently Asked Questions
What is CWE-314?
CWE-314 (Cleartext Storage in the Registry) is a software weakness identified by MITRE's Common Weakness Enumeration. It is classified as a Variant-level weakness. The product stores sensitive information in cleartext in the registry.
How can CWE-314 be exploited?
Attackers can exploit CWE-314 (Cleartext Storage in the Registry) to read application data. This weakness is typically introduced during the Architecture and Design phase of software development.
How do I prevent CWE-314?
Follow secure coding practices, conduct code reviews, and use automated security testing tools (SAST/DAST) to detect this weakness early in the development lifecycle.
What is the severity of CWE-314?
CWE-314 is classified as a Variant-level weakness (Low-Medium abstraction). It has been observed in 1 real-world CVE.