Missing Encryption of Sensitive Data
Variants:
Direct
Also Known As:
Insecure Storage
Vector Type:
Vulnerability
Relevance:
Generic
Layer:
Application-Level
Platforms:
Any
Target Type:
Application
Affected Mechanisms:
Content Encryption
Invented In:
01/01/1999
Added In:
21/12/2014
Vector Operation Method:
Insecure storage of credentials, payment information and other secret data could be abused in post exploitation phases by attackers in order to gain access to that data, without needing to decrypt it.
