Log inLog in

Variant weakness

Draft

CWE-314: Cleartext Storage in the Registry

The product stores sensitive information in cleartext in the registry.

Last updated May 1, 2026

1

Recorded CVEs

With this primary weakness

0

KEVs

In the CISA KEV catalog

Not rated

Likelihood of exploit

Per MITRE

Variant

Abstraction

MITRE classification

Overview

Attackers can read the information by accessing the registry key. Even if the information is encoded in a way that is not human-readable, certain techniques could determine which encoding is being used, then decode the information.

Real-world CVEs

1 recorded CVEs are caused by CWE-314 (Cleartext Storage in the Registry). The highest-severity and most recent are shown first.

CVE-2023-2335
Medium · CVSS 6.5
2023-04-27

Common consequences

What can happen when CWE-314 is exploited.

Read Application Data

Affects: Confidentiality

How it happens

When it is introduced

Typically introduced during these phases of the software lifecycle.

Architecture and Design

Illustrative examples

Real CVEs that MITRE cites as examples of this weakness.

CVE-2005-2227 — Cleartext passwords in registry key.

Terminology & mappings

Mapped taxonomies

PLOVER: Plaintext Storage in Registry
Software Fault Patterns: Exposed Data (SFP23)

Attack patterns

CAPEC attack patterns that exploit this weakness.

CAPEC-37: Retrieve Embedded Sensitive Data

Frequently asked questions

Common questions about CWE-314.

What is CWE-314?

The product stores sensitive information in cleartext in the registry.

What CVEs are caused by CWE-314?

1 recorded CVEs are attributed to CWE-314, including CVE-2023-2335.

What are the consequences of CWE-314?

Exploiting CWE-314 can lead to: Read Application Data.

Is CWE-314 actively exploited?

1 recorded CVEs are caused by CWE-314; none are currently in CISA's KEV catalog of actively exploited flaws.

References

Weakness data is sourced from the MITRE CWE catalog (v4.20). CVE associations are aggregated and kept current by RadicalNotion.AI.

Stay ahead of CWE-314

Get alerted the moment a new CWE-314 vulnerability affects your stack, with AI-written analysis, severity context, and remediation guidance.

Start free See pricing