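CWE-312 Cleartext Storage of Sensitive Information: Vulnerability List (243)

Summary of the 243 CVE vulnerabilities in the CWE-312 Cleartext Storage of Sensitive Information weakness class, with AI analysis in Chinese.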

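CWE-312 refers to sensitive information being stored in cleartext in a resource that may be accessible to another control sphere. Attackers commonly steal credentials and other critical data by directly reading configuration files, logs, or database files. Developers should avoid this risk by encrypting data at rest with strong encryption algorithms, strictly limiting file access permissions, and regularly reviewing data storage logic, so that sensitive information is retained only when necessary and only as ciphertext, thereby preventing unauthorized access.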

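MITRE CWE Official Description
CWE: CWE-312 Cleartext Storage of Sensitive Information
English: The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.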
Common Consequences (1)
Confidentiality: Read Application Data
An attacker with access to the system could read sensitive information stored in cleartext (i.e., unencrypted). Even if the information is encoded in a way that is not human-readable, certain techniques could determine which encoding is being used, then decode the information.
Mitigations (2)
Implementation, System Configuration, Operation: When storing data in the cloud (e.g., S3 buckets, Azure blobs, Google Cloud Storage, etc.), use the provider's controls to encrypt the data at rest. [REF-1297] [REF-1299] [REF-1301]
Implementation, System Configuration, Operation: In some systems/environments such as cloud, the use of "double encryption" (at both the software and hardware layer) might be required, and the developer might be solely responsible for both layers, instead of shared responsibility with the administrator of the broader system/environment.
Code Examples (2)
The following code excerpt stores a plaintext user account ID in a browser cookie.
response.addCookie(new Cookie("userAccountID", acctID));
Bad · Java
This code writes a user's login information to a cookie so the user does not have to log in again later.
function persistLogin($username, $password){
    $data = array("username" => $username, "password" => $password);
    // setcookie() needs a string value; the password is still cleartext
    setcookie("userdata", json_encode($data));
}
Bad · PHP
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-7163 | OpenShift Assisted-Service credential disclosure leading to administrator privilege escalation — multicluster engine for Kubernetes 2.10 | 6.1 | Medium | 2026-04-30 |
| CVE-2026-41385 | OpenClaw security vulnerability — OpenClaw | 6.5 | Medium | 2026-04-28 |
| CVE-2026-6553 | TYPO3 CMS security vulnerability — TYPO3 CMS | 6.5 (AI) | Medium (AI) | 2026-04-21 |
| CVE-2026-35644 | OpenClaw security vulnerability — OpenClaw | 6.5 | Medium | 2026-04-09 |
| CVE-2025-14815 | Mitsubishi Electric multiple products security vulnerability — GENESIS64 | 6.2 (AI) | Medium (AI) | 2026-04-08 |
| CVE-2026-34833 | Bulwark Webmail security vulnerability — webmail | 7.5 (AI) | High (AI) | 2026-04-02 |
| CVE-2026-33026 | Nginx UI security vulnerability — nginx-ui | 8.8 | - | 2026-03-30 |
| CVE-2026-33867 | WWBN AVideo security vulnerability — AVideo | 8.1 | - | 2026-03-27 |
| CVE-2026-4346 | TP-Link TL-WR850N security vulnerability — TL-WR850N v3 | 6.8 (AI) | Medium (AI) | 2026-03-26 |
| CVE-2026-31848 | Nexxt Solutions Nebula 300+ security vulnerability — Nebula 300+ | 9.8 | - | 2026-03-23 |
| CVE-2026-32842 | Edimax GS-5008PL security vulnerability — Edimax GS-5008PL | 6.5 | Medium | 2026-03-17 |
| CVE-2025-55717 | Fortinet multiple products security vulnerability — FortiVoice | 3.8 | Medium | 2026-03-10 |
| CVE-2026-24311 | SAP Customer Checkout security vulnerability — SAP Customer Checkout 2.0 | 5.6 | Medium | 2026-03-10 |
| CVE-2025-47147 | Gallagher Command Centre Mobile Client security vulnerability — Command Centre Mobile Client | 5.7 | Medium | 2026-03-03 |
| CVE-2026-3277 | Devolutions PowerShell Universal security vulnerability — PowerShell Universal | 5.5 | - | 2026-02-27 |
| CVE-2026-3221 | Devolutions Server security vulnerability — Server | 6.5 (AI) | Medium (AI) | 2026-02-25 |
| CVE-2026-27520 | Binardat 10G08-0800GSM security vulnerability — 10G08-0800GSM Network Switch | 7.5 | High | 2026-02-24 |
| CVE-2026-23655 | Microsoft Azure Compute Gallery security vulnerability — Microsoft ACI Confidential Containers | 6.5 | Medium | 2026-02-10 |
| CVE-2025-33081 | IBM Concert security vulnerability — Concert | 3.3 | Low | 2026-02-03 |
| CVE-2025-12774 | Brocade SANnav security vulnerability — SANnav | 7.1 (AI) | High (AI) | 2026-02-03 |
| CVE-2025-12772 | Brocade SANnav security vulnerability — SANnav | 6.5 (AI) | Medium (AI) | 2026-02-02 |
| CVE-2025-12679 | Brocade SANnav security vulnerability — SANnav | 4.9 (AI) | Medium (AI) | 2026-02-02 |
| CVE-2024-9432 | OpenText Vertica security vulnerability — Vertica | 7.5 (AI) | High (AI) | 2026-01-30 |
| CVE-2025-59105 | Dormakaba Access Manager security vulnerability — Access Manager 92xx-k5 | 6.8 (AI) | Medium (AI) | 2026-01-26 |
| CVE-2025-59102 | Dormakaba Access Manager security vulnerability — Access Manager 92xx-k5 | 7.5 (AI) | High (AI) | 2026-01-26 |
| CVE-2026-22276 | Dell ECS and Dell ObjectScale security vulnerability — ObjectScale | 5.5 | Medium | 2026-01-23 |
| CVE-2025-14377 | Rockwell Automation Verve Asset Manager security vulnerability — Verve Asset Manager | 5.5 (AI) | Medium (AI) | 2026-01-20 |
| CVE-2026-22240 | Bluspark BLUVOYIX security vulnerability — BLUVOYIX | 9.8 (AI) | Critical (AI) | 2026-01-14 |
| CVE-2019-25279 | iWT FaceSentry Access Control System security vulnerability — FaceSentry Access Control System | 7.5 | High | 2026-01-07 |
| CVE-2025-11009 | Mitsubishi Electric GT Designer3 security vulnerability — GT Designer3 Version1 (GOT2000) | 5.1 | Medium | 2025-12-17 |

CWE-312 (Cleartext Storage of Sensitive Information) is a common weakness category; this platform lists 243 CVE vulnerabilities associated with it.