Variant weakness

Draft

CWE-315: Cleartext Storage of Sensitive Information in a Cookie

The product stores sensitive information in cleartext in a cookie.

Recorded CVEs

With this primary weakness

KEVs

In the CISA KEV catalog

Not rated

Likelihood of exploit

Per MITRE

Variant

Abstraction

MITRE classification

Overview

Attackers can use widely-available tools to view the cookie and read the sensitive information. Even if the information is encoded in a way that is not human-readable, certain techniques could determine which encoding is being used, then decode the information.

CWE-315: Cleartext Storage of Sensitive Information in a Cookie

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

How to detect it

Automated Static Analysis

Code examples

Illustrative examples

Terminology & mappings

Mapped taxonomies

Attack patterns

Frequently asked questions

What is CWE-315?

What CVEs are caused by CWE-315?

How is CWE-315 detected?

What are the consequences of CWE-315?

Is CWE-315 actively exploited?

References

Stay ahead of CWE-315

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

How to detect it

Automated Static Analysis

Code examples

Illustrative examples

Related weaknesses

Parent

Terminology & mappings

Mapped taxonomies

Attack patterns

Frequently asked questions

What is CWE-315?

What CVEs are caused by CWE-315?

How is CWE-315 detected?

What are the consequences of CWE-315?

Is CWE-315 actively exploited?

References

Stay ahead of CWE-315