
CWE-311 (Missing Encryption of Sensitive Data) — Vulnerability Class, 257 CVEs

257 vulnerabilities are classified as CWE-311 (Missing Encryption of Sensitive Data). AI Chinese analysis included.

CWE-311 is a critical data-protection weakness: the software fails to encrypt sensitive information before storing or transmitting it, so confidential data sits or travels in plaintext. Attackers typically exploit it by intercepting network traffic (for example through a man-in-the-middle position) or by gaining unauthorized physical or logical access to the storage system, which lets them read credentials, financial records, or personally identifiable information without obstruction. To mitigate the risk, developers must apply robust, current cryptographic standards, such as AES-256 for data at rest and TLS 1.3 for data in transit, so that every sensitive payload is actually encrypted rather than merely encoded. Rigorous code review and automated static analysis should be used to find missing encryption calls, and strict key management must keep the cryptographic keys themselves protected from compromise; only then do the confidentiality and integrity of the system as a whole hold.

MITRE CWE Description
The product does not encrypt sensitive or critical information before storage or transmission.
Common Consequences (2)
Scope: Confidentiality · Impact: Read Application Data
If the application does not use a secure channel, such as SSL, to exchange sensitive information, it is possible for an attacker with access to the network traffic to sniff packets from the connection and uncover the data. This attack is not technically difficult, but does require physical access to…
Scope: Confidentiality, Integrity · Impact: Modify Application Data
Omitting the use of encryption in any program which transfers data over a network of any kind should be considered on par with delivering the data sent to each user on the local networks of both the sender and receiver. Worse, this omission allows for the injection of data into a stream of communica…
Mitigations (5)
Phase: Requirements
Clearly specify which data or resources are valuable enough that they should be protected by encryption. Require that any transmission or storage of this data/resource should use well-vetted encryption algorithms.
Phase: Architecture and Design
Ensure that encryption is properly integrated into the system design, including but not necessarily limited to:
- Encryption that is needed to store or transmit private data of the users of the system
- Encryption that is needed to protect the system itself from unauthorized disclosure or tampering
Identify the separate needs and contexts for encryption:
- One-way (i.e., only the user or recipient needs…
Phase: Architecture and Design
When there is a need to store or transmit sensitive data, use strong, up-to-date cryptographic algorithms to encrypt that data. Select a well-vetted algorithm that is currently considered to be strong by experts in the field, and use well-tested implementations. As with all cryptographic mechanisms, the source code should be available for analysis. For example, US government systems require FIPS 1…
Phase: Architecture and Design
Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area. Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separatio…
Phase: Implementation, Architecture and Design
When using industry-approved techniques, use them correctly. Don't cut corners by skipping resource-intensive steps (CWE-325). These steps are often essential for preventing common attacks.
Examples (2)
This code writes a user's login information to a cookie so the user does not have to login again later.
    function persistLogin($username, $password) {
        // The raw credentials are placed in a cookie and sent to the browser
        // unencrypted; whoever can read the cookie (on the wire, in the browser
        // profile on disk, or from script) obtains the user's password.
        $data = array("username" => $username, "password" => $password);
        // setcookie() takes a string value, so the array is serialized first;
        // the plaintext password is still what ends up in the cookie.
        setcookie("userdata", json_encode($data));
    }
Bad · PHP
The following code attempts to establish a connection, read in a password, then store it to a buffer.
    server.sin_family = AF_INET;
    hp = gethostbyname(argv[1]);
    if (hp == NULL)
        error("Unknown host");
    memcpy((char *)&server.sin_addr, (char *)hp->h_addr, hp->h_length);
    /* optional second argument is the port; default is 80 */
    if (argc < 3)
        port = 80;
    else
        port = (unsigned short)atoi(argv[2]);   /* argv[2] is the port argument */
    server.sin_port = htons(port);
    if (connect(sock, (struct sockaddr *)&server, sizeof server) < 0)
        error("Connecting");
    ...
    /* The password arrives over an unencrypted TCP stream and is written to
       descriptor dfd exactly as received: plaintext in transit and at rest. */
    while ((n = read(sock, buffer, BUFSIZE - 1)) > 0) {
        write(dfd, buffer, n);
        ...
Bad · C
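Both MITRE examples above show the weakness; the following Python block is an added example (not MITRE's code and not from any of the products listed below) showing the defensive counterpart to each. The credential cookie of the PHP example is replaced by an opaque, HMAC-protected server-side session handle, and a transport policy gate refuses to send sensitive fields over a non-TLS URL, which is the failure mode of the C example. `SessionStore`, `check_transport`, `tls_client_context`, the `verify` callback and the `SENSITIVE_KEYS` list are assumptions of this example; the signing key and credentials in the demo are constructed test values.

```python
"""Added example (not MITRE's code): server-side sessions instead of a
credential cookie, plus a transport check that keeps secrets off plaintext."""
import hashlib
import hmac
import secrets
import ssl
from dataclasses import dataclass, field
from typing import Optional
from urllib.parse import urlparse

# Field names this example treats as sensitive (assumed list; extend per application).
SENSITIVE_KEYS = {"password", "token", "secret", "ssn", "card_number"}


@dataclass
class SessionStore:
    """Keeps user state server-side; the browser only ever holds a random handle.

    The cookie value is "<handle>.<HMAC-SHA256(handle)>": it carries no
    credentials, and the MAC lets the server reject forged or tampered handles
    before touching the session table.
    """
    signing_key: bytes                      # server-only secret, never sent to clients
    sessions: dict = field(default_factory=dict)

    def _mac(self, sid: str) -> str:
        return hmac.new(self.signing_key, sid.encode(), hashlib.sha256).hexdigest()

    def login(self, username: str, password: str, verify) -> Optional[str]:
        """verify(username, password) is the application's own credential check
        (hypothetical callback). On success, return a cookie value that contains
        no credential; the password is never persisted anywhere here."""
        if not verify(username, password):
            return None
        sid = secrets.token_urlsafe(32)     # 256 bits from the OS CSPRNG
        self.sessions[sid] = {"username": username}
        return f"{sid}.{self._mac(sid)}"

    def resolve(self, cookie_value: str) -> Optional[dict]:
        """Map a presented cookie back to its session; None if unknown or tampered."""
        sid, _, mac = cookie_value.rpartition(".")
        if not sid or not hmac.compare_digest(mac.encode(), self._mac(sid).encode()):
            return None
        return self.sessions.get(sid)


def cookie_header(name: str, value: str) -> str:
    """Set-Cookie attributes: Secure keeps the handle off plaintext HTTP, HttpOnly
    keeps it away from page script, SameSite=Strict limits cross-site sends."""
    return f"{name}={value}; Secure; HttpOnly; SameSite=Strict; Path=/"


def check_transport(url: str, payload: dict) -> bool:
    """Policy gate for outbound requests: sensitive fields may only travel over TLS.
    Raises ValueError instead of silently sending plaintext, the C example's failure."""
    scheme = urlparse(url).scheme.lower()
    exposed = sorted(k for k in payload if k.lower() in SENSITIVE_KEYS)
    if exposed and scheme != "https":
        raise ValueError(f"fields {exposed} would be sent in plaintext over {scheme!r}")
    return True


def tls_client_context() -> ssl.SSLContext:
    """Client TLS settings: certificate verification on, TLS 1.2 as the floor."""
    ctx = ssl.create_default_context()      # CERT_REQUIRED + hostname checking
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


if __name__ == "__main__":
    # Constructed demo values; a real deployment loads the key from a secret store.
    store = SessionStore(signing_key=b"constructed-demo-key-do-not-reuse")
    cookie = store.login("alice", "hunter2", lambda u, p: p == "hunter2")
    print(cookie_header("session", cookie))
    print("resolved:", store.resolve(cookie))
    try:
        check_transport("http://login.example.test/", {"password": "hunter2"})
    except ValueError as exc:
        print("blocked:", exc)
```

The design choice worth noting is that the cookie is a capability reference, not the data: compromising the cookie still exposes the session, but it never exposes the password, so the exposure window closes when the session is revoked. The transport gate is deliberately a hard failure rather than a log line, because a silently downgraded request is exactly what the C example does.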
CVE ID | Title | Product | CVSS | Severity | Published
CVE-2026-34486 | Apache Tomcat: Fix for CVE-2026-29146 allowed bypass of EncryptInterceptor | Apache Tomcat | 7.5 (AI) | High (AI) | 2026-04-09
CVE-2026-34992 | Missing Encryption of Sensitive Data in antrea.io/antrea | antrea | 7.5 (AI) | High (AI) | 2026-04-06
CVE-2026-28678 | dsa-hub-server: Clear-Text Storage of Sensitive Data | DSA-with-tsx | 8.1 | High | 2026-03-07
CVE-2026-27944 | Nginx UI: Unauthenticated Backup Download with Encryption Key Disclosure | nginx-ui | 9.8 | Critical | 2026-03-05
CVE-2025-15548 | Missing Application-Layer Encryption in Web Interface Endpoints on TP-Link VX800v | VX800v v1.0 | 6.5 (AI) | Medium (AI) | 2026-01-29
CVE-2025-13453 | Lenovo ThinkPlus security vulnerability | ThinkPlus FU100 | 4.6 | Medium | 2026-01-14
CVE-2025-36751 | Missing encryption on Local Configuration Interface or Cloud Endpoint Communication - Growatt MIC3300TL-X and ShineLan-X | ShineLan-X | 7.4 (AI) | High (AI) | 2025-12-13
CVE-2025-13053 | A missing encryption of sensitive data vulnerability was found in the UPS settings of ADM | ADM | 3.7 (AI) | Low (AI) | 2025-12-12
CVE-2025-59410 | Dragonfly tiny file download uses hard coded HTTP protocol | dragonfly | 5.9 (AI) | Medium (AI) | 2025-09-17
CVE-2025-10227 | Lack of Encryption in Object Archive in AxxonSoft Axxon One (C-Werk) before 2.0.8 | AxxonOne C-Werk | 4.6 | Medium | 2025-09-10
CVE-2025-31977 | A cryptographic weakness has been identified in the HCL BigFix Service Management (SM) | BigFix Service Management (SM) | 5.3 | Medium | 2025-08-28
CVE-2024-41982 | Multiple Siemens products security vulnerability | SmartClient modules Opcenter QL Home (SC) | 4.8 | Medium | 2025-08-12
CVE-2024-41980 | Siemens SmartClient modules Opcenter QL Home security vulnerability | SmartClient modules Opcenter QL Home (SC) | 3.1 | Low | 2025-08-12
CVE-2025-8763 | Ruijie EG306MG strongSwan strongswan.conf missing encryption | EG306MG | 3.7 | Low | 2025-08-09
CVE-2025-40680 | Encryption of sensitive data in CapillaryScope missing | CapillaryScope | 5.5 | - | 2025-07-24
CVE-2025-33020 | IBM Engineering Systems Design Rhapsody information disclosure | Engineering Systems Design Rhapsody | 5.9 | Medium | 2025-07-23
CVE-2025-36062 | IBM Cognos Analytics Mobile (iOS) information disclosure | Cognos Analytics Mobile | 5.9 | Medium | 2025-07-21
CVE-2025-24008 | Siemens SIRIUS 3RK3 Modular Safety System and Siemens SIRIUS Safety Relays 3SK2 security vulnerability | SIRIUS 3RK3 Modular Safety System (MSS) | 6.5 | Medium | 2025-05-13
CVE-2025-47274 | ToolHive stores secrets in the state store with no encryption | toolhive | 6.5 (AI) | Medium (AI) | 2025-05-12
CVE-2023-37405 | IBM Cloud Pak System information disclosure | Cloud Pak System | 6.5 | Medium | 2025-03-27
CVE-2025-1243 | Field in api-go proxy not transformed before version 1.44.1 | api-go library | 8.2 | - | 2025-02-12
CVE-2024-38325 | IBM Storage Defender information disclosure | Storage Defender - Resiliency Service | 5.9 | Medium | 2025-01-27
CVE-2024-7142 | On Arista CloudVision Appliance (CVA) affected releases running on appliances that support hardware disk encryption (DCA-350E-CV only), the disk encryption might not be successfully performed. This results in the disks remaining unsecured and data on them | CloudVision Appliance | 4.6 | Medium | 2025-01-10
CVE-2024-56439 | Huawei HarmonyOS security vulnerability | HarmonyOS | 7.5 | High | 2025-01-08
CVE-2024-47871 | Insecure communication between the FRP client and server in Gradio | gradio | 9.1 (AI) | Critical (AI) | 2024-10-10
CVE-2024-20515 | Cisco Identity Services Engine Information Disclosure Vulnerability | Cisco Identity Services Engine Software | 6.5 | Medium | 2024-10-02
CVE-2023-52948 | Synology Active Backup for Business Agent security vulnerability | Synology Active Backup for Business Agent | 5.0 | Medium | 2024-09-26
CVE-2023-52950 | Synology Active Backup for Business Agent security vulnerability | Synology Active Backup for Business Agent | 5.3 | Medium | 2024-09-26
CVE-2024-42495 | Hughes Network Systems WL3000 Missing Encryption of Sensitive Data | WL3000 Fusion Software | 6.5 | Medium | 2024-09-05
CVE-2024-40620 | Rockwell Automation Pavilion8® Unencrypted Data Vulnerability via HTTP protocol | Pavilion8® | 7.5 (AI) | High (AI) | 2024-08-14

(AI) marks a CVSS score or severity shown with the site's AI badge; "-" means no severity was given.

Vulnerabilities classified as CWE-311 (Missing Encryption of Sensitive Data) account for 257 CVEs. The CWE taxonomy describes the weakness; review the individual CVEs for product-specific impact.