Plaintext Storage in GUI
Description Storing sensitive data in plaintext within the GUI makes the data more easily accessible than if encrypted. This significantly lowers the difficulty of exploitation by attackers. Extended DescriptionAn attacker can often obtain data from a GUI, even if hidden, by using an API to directly access GUI objects such as windows and menus. Applicable PlatformsLanguage Class: AllOperating System Class: SometimesOperating System Class: Windows Time Of Introduction
Common Consequences
Detection MethodsNone Potential Mitigations
Relationships
Demonstrative ExamplesNone Observed Examples
White Box Definitions None Black Box Definitions None Taxynomy Mappings
References:None |