Use of Cache Containing Sensitive Information

The code uses a cache that contains sensitive information, but the cache can be read by an actor outside of the intended control sphere.

  • Source

    CWE Catalog - 4.14

  • Identifier

    CWE-524

  • Status

    Incomplete

Contents

Description

Applications may use caches to improve efficiency when communicating with remote entities or performing intensive calculations. A cache maintains a pool of objects, threads, connections, pages, financial data, passwords, or other resources to minimize the time it takes to initialize and access these resources. If the cache is accessible to unauthorized actors, attackers can read the cache and obtain this sensitive information.

See Also

Comprehensive Categorization: Exposed Resource

Weaknesses in this category are related to exposed resource.

SFP Secondary Cluster: Insecure Session Management

This category identifies Software Fault Patterns (SFPs) within the Insecure Session Management cluster.

Information Management Errors

Weaknesses in this category are related to improper handling of sensitive information.

Comprehensive CWE Dictionary

This view (slice) covers all the elements in CWE.

Weaknesses Introduced During Implementation

This view (slice) lists weaknesses that can be introduced during implementation.

Weakness Base Elements

This view (slice) displays only weakness base elements.

Common Weakness Enumeration content on this website is copyright of The MITRE Corporation unless otherwise specified. Use of the Common Weakness Enumeration and the associated references on this website are subject to the Terms of Use as specified by The MITRE Corporation.