
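CWE-256 Plaintext Storage of a Password: vulnerability list (160)

Summary of 160 CVE vulnerabilities for the weakness CWE-256 Plaintext Storage of a Password, with AI analysis in Chinese.

CWE-256 means that a product stores passwords in plaintext in resources such as memory or files; it belongs to the class of improper data protection weaknesses. An attacker who gains access to the system can read the plaintext passwords directly from the storage medium and then impersonate legitimate users for unauthorized access or lateral movement. Developers should avoid storing plaintext directly and instead process passwords irreversibly with a salted hash algorithm, and should ensure key management is secure, to effectively prevent the risk of credential leakage.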

MITRE CWE Official Description
CWE: CWE-256 Plaintext Storage of a Password
Description (English): The product stores a password in plaintext within resources such as memory or files.
Common Consequences (1)
Access Control: Gain Privileges or Assume Identity
Storing a plaintext password in a configuration file allows anyone who can read the file to access the password-protected resource. In some contexts, even storage of a plaintext password in memory is considered a security risk if the password is not cleared immediately after it is used.
Mitigations (3)
Architecture and Design: Avoid storing passwords in easily accessible locations.
Architecture and Design: Consider storing cryptographic hashes of passwords as an alternative to storing in plaintext.
A programmer might attempt to remedy the password management problem by obscuring the password with an encoding function, such as base 64 encoding, but this effort does not adequately protect the password because the encoding can be detected and decoded easily.
Effectiveness: None
Code Examples (2)
The following code reads a password from a properties file and uses the password to connect to a database.
```java
...
Properties prop = new Properties();
prop.load(new FileInputStream("config.properties"));
// The password is read as plaintext from the properties file.
String password = prop.getProperty("password");
DriverManager.getConnection(url, usr, password);
...
```
Bad · Java
The following code reads a password from the registry and uses the password to create a new network credential.
```java
...
// The password is read as plaintext from the registry.
String password = regKey.GetValue(passKey).toString();
NetworkCredential netCred = new NetworkCredential(username, password, domain);
...
```
Bad · Java
| CVE ID | Title | CVSS | Risk level | Published |
| --- | --- | --- | --- | --- |
| CVE-2026-6500 | OpenConcerto 1.7.5 plaintext password storage vulnerability — OpenConcerto | 7.5 (AI) | High (AI) | 2026-05-04 |
| CVE-2025-36335 | Discovered vulnerability — watsonx.data intelligence | 6.2 | Medium | 2026-04-30 |
| CVE-2026-6597 | Langflow security vulnerability — langflow | 2.7 | Low | 2026-04-20 |
| CVE-2025-15624 | Sparx Systems Sparx Pro Cloud Server security vulnerability — Sparx Pro Cloud Server | 6.2 (AI) | Medium (AI) | 2026-04-17 |
| CVE-2021-47961 | Synology SSL VPN Client security vulnerability — Synology SSL VPN Client | 8.1 | High | 2026-04-10 |
| CVE-2026-35556 | OpenPLC security vulnerability — OpenPLC_V3 | 9.8 (AI) | Critical (AI) | 2026-04-09 |
| CVE-2025-36258 | IBM InfoSphere Information Server security vulnerability — InfoSphere Information Server | 7.1 | High | 2026-03-25 |
| CVE-2026-33216 | Nats-Server security vulnerability — nats-server | 8.6 | High | 2026-03-25 |
| CVE-2026-31850 | Nexxt Solutions Nebula 300+ security vulnerability — Nebula 300+ | 8.1 | - | 2026-03-23 |
| CVE-2026-4251 | CityData CityChat security vulnerability — CityChat | 2.5 | Low | 2026-03-16 |
| CVE-2026-4250 | Albert Health security vulnerability — Albert Health | 2.5 | Low | 2026-03-16 |
| CVE-2026-4243 | La Nacion App security vulnerability — La Nacion App | 2.5 | Low | 2026-03-16 |
| CVE-2026-4242 | BabyChakra Pregnancy & Parenting App security vulnerability — Pregnancy & Parenting App | 2.5 | Low | 2026-03-16 |
| CVE-2026-4217 | XREAL Nebula App security vulnerability — Nebula App | 2.5 | Low | 2026-03-16 |
| CVE-2026-22285 | Dell Device Management Agent security vulnerability — Device Management Agent (DDMA) | 4.4 | Medium | 2026-03-04 |
| CVE-2026-28360 | NocoDB security vulnerability — nocodb | 6.5 (AI) | Medium (AI) | 2026-03-02 |
| CVE-2026-21660 | Johnson Controls Frick Controls Quantum HD security vulnerability — Frick Controls Quantum HD | 9.8 | - | 2026-02-27 |
| CVE-2025-36425 | IBM Db2 security vulnerability — Db2 for Linux, UNIX and Windows | 5.3 | Medium | 2026-02-17 |
| CVE-2026-23797 | OpenSolution Quick.Cart security vulnerability — Quick.Cart | 4.9 (AI) | Medium (AI) | 2026-02-05 |
| CVE-2020-37115 | GUnet OpenEclass security vulnerability — GUnet OpenEclass | 6.5 | Medium | 2026-02-03 |
| CVE-2025-12680 | Brocade SANnav security vulnerability — SANnav | 6.5 (AI) | Medium (AI) | 2026-02-02 |
| CVE-2026-21417 | Dell CloudBoost Virtual Appliance security vulnerability — CloudBoost Virtual Appliance | 7.0 | High | 2026-01-27 |
| CVE-2025-25051 | AutomationDirect CLICK Programmable Logic Controller security vulnerability — CLICK Programmable Logic Controller | 6.1 | Medium | 2026-01-22 |
| CVE-2025-15113 | Ksenia Security Lares 4.0 Home Automation security vulnerability — lares | 8.4 | High | 2025-12-30 |
| CVE-2025-15128 | ZKTeco BioTime security vulnerability — BioTime | 5.3 | Medium | 2025-12-28 |
| CVE-2018-25130 | Beward Intercom security vulnerability — BEWARD Intercom | 6.2 | Medium | 2025-12-24 |
| CVE-2025-65009 | WODESYS WD-R608U security vulnerability — WD-R608U | 7.5 (AI) | High (AI) | 2025-12-18 |
| CVE-2024-42197 | HCL Workload Scheduler security vulnerability — Workload Scheduler | 5.5 | Medium | 2025-12-11 |
| CVE-2025-14183 | SGAI Space1 security vulnerability — Space1 NAS N1211DS | 4.3 | Medium | 2025-12-07 |
| CVE-2025-13221 | Intelbras UnniTI security vulnerability — UnniTI | 5.3 | Medium | 2025-11-15 |

CWE-256 (Plaintext Storage of a Password) is a common weakness category; this platform lists 160 CVE vulnerabilities associated with this weakness.