CWE-921: Storage of Sensitive Data in a Mechanism without Access Control

Base Incomplete Simple

CWE版本: 4.18

更新日期: 2025-09-09

弱点描述

The product stores sensitive information in a file system or device that does not have built-in access control.

常见后果

影响范围: Confidentiality

技术影响: Read Application Data Read Files or Directories

说明: Attackers can read sensitive information by accessing the unrestricted storage mechanism.

影响范围: Integrity

技术影响: Modify Application Data Modify Files or Directories

说明: Attackers can modify or delete sensitive information by accessing the unrestricted storage mechanism.

引入模式

阶段 说明
Architecture and Design OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase.

适用平台

编程语言
Not Language-Specific (Undetermined)
技术
Mobile (Undetermined)
关键信息

CWE ID: CWE-921

抽象级别: Base

结构: Simple

状态: Incomplete

相关弱点
ChildOf CWE-922

Insecure Storage of Sensitive Information

Class
返回列表