CWE-525: Use of Web Browser Cache Containing Sensitive Information
CWE版本: 4.18
更新日期: 2025-09-09
弱点描述
The web application does not use an appropriate caching policy that specifies the extent to which each web page and associated form fields should be cached.
常见后果
影响范围: Confidentiality
技术影响: Read Application Data
说明: Browsers often store information in a client-side cache, which can leave behind sensitive information for other users to find and exploit, such as passwords or credit card numbers. The locations at most risk include public terminals, such as those in libraries and Internet cafes.
潜在缓解措施
阶段: Architecture and Design
描述: Protect information stored in cache.
阶段: Architecture and Design Implementation
描述: Use a restrictive caching policy for forms and web pages that potentially contain sensitive information.
阶段: Architecture and Design
描述: Do not store unnecessarily sensitive information in the cache.
阶段: Architecture and Design
描述: Consider using encryption in the cache.
引入模式
| 阶段 | 说明 |
|---|---|
| Implementation | - |
分类映射
| 分类名称 | 条目ID | 条目名称 | 映射适配度 |
|---|---|---|---|
| OWASP Top Ten 2004 | A2 | Broken Access Control | CWE More Specific |
| OWASP Top Ten 2004 | A3 | Broken Authentication and Session Management | CWE More Specific |