logo

Cleartext Storage of Sensitive Information in a Cookie

Draft Variant
Structure: Simple
Description

The product stores sensitive information in cleartext in a cookie.

Extended Description

Attackers can use widely-available tools to view the cookie and read the sensitive information. Even if the information is encoded in a way that is not human-readable, certain techniques could determine which encoding is being used, then decode the information.
Common Consequences 1
Scope: Confidentiality

Impact: Read Application Data
Detection Methods 1
Automated Static AnalysisHigh
Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect "sources" (origins of input) with "sinks" (destinations where the data interacts with external components, a lower layer such as the OS, etc.)
Demonstrative Examples 1

ID : DX-44

The following code excerpt stores a plaintext user account ID in a browser cookie.

Code Example:

Bad
Java
java
Because the account ID is in plaintext, the user's account information is exposed if their computer is compromised by an attacker.
Observed Examples 4
CVE-2002-1800Admin password in cleartext in a cookie.
CVE-2001-1537Default configuration has cleartext usernames/passwords in cookie.
CVE-2001-1536Usernames/passwords in cleartext in cookies.
CVE-2005-2160Authentication information stored in cleartext in a cookie.
Applicable Platforms
Languages:
Not Language-Specific : Undetermined
Modes of Introduction
Architecture and Design
Related Attack Patterns
Related Weaknesses
ChildOf: Cleartext Storage of Sensitive Information (CWE-312)
Taxonomy Mapping
  • PLOVER
  • Software Fault Patterns
Notes
TerminologyDifferent people use "cleartext" and "plaintext" to mean the same thing: the lack of encryption. However, within cryptography, these have more precise meanings. Plaintext is the information just before it is fed into a cryptographic algorithm, including already-encrypted text. Cleartext is any information that is unencrypted, although it might be in an encoded form that is not easily human-readable (such as base64 encoding).