CWE-313 (Cleartext Storage in a File or on Disk) — Vulnerability Class 25

25 vulnerabilities classified as CWE-313 (Cleartext Storage in a File or on Disk). AI Chinese analysis included.

CWE-313 represents a critical data protection weakness where applications store sensitive information in plaintext on disk or in files, leaving it vulnerable to unauthorized access. Attackers typically exploit this flaw by gaining physical access to the device, obtaining administrative privileges, or directly reading storage media to extract credentials, keys, or personal data. Even if the data appears obfuscated through simple encoding, determined adversaries can often reverse-engineer the method to reveal the original content. To mitigate this risk, developers must implement robust encryption standards, such as AES-256, for all sensitive data at rest. Additionally, utilizing hardware security modules and ensuring strict file permission controls can significantly reduce the attack surface, ensuring that stored information remains confidential even if the underlying storage is compromised.

MITRE CWE Description
The product stores sensitive information in cleartext in a file, or on disk. The sensitive information could be read by attackers with access to the file, or with physical or administrator access to the raw disk. Even if the information is encoded in a way that is not human-readable, certain techniques could determine which encoding is being used, then decode the information.
Common Consequences (1)
Confidentiality: Read Application Data
Examples (1)
The following examples show a portion of properties and configuration files for Java and ASP.NET applications. The files include username and password information but they are stored in cleartext.

    # Java Web App ResourceBundle properties file
    ...
    webapp.ldap.username=secretUsername
    webapp.ldap.password=secretPassword
    ...

Bad · Java

    ...
    <connectionStrings>
      <add name="ud_DEV" connectionString="connectDB=uDB; uid=db2admin; pwd=password; dbalias=uDB;" providerName="System.Data.Odbc" />
    </connectionStrings>
    ...

Bad · ASP.NET
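
A detection sketch for the two file formats shown above, added here as an example and not part of the MITRE entry: it flags secrets stored in cleartext and also secrets that are only base64-encoded, which the description treats as equally exposed. The key-name list, the `${NAME}` placeholder convention, the base64 heuristic and the sample input are assumptions made for this example.

```python
import base64
import re

# Key names that usually hold a secret (assumed list for this example).
SECRET_KEY = re.compile(r"(?i)(password|passwd|pwd|secret|token)$")
# key=value pairs, as found in .properties lines and in connection strings.
PAIR = re.compile(r"([\w.\-]+)\s*=\s*([^;\"'\s]+)")
# Assumed convention: ${NAME} refers to a secret held outside the file.
REFERENCE = re.compile(r"^\$\{\w+\}$")


def classify(value):
    """Return 'reference', 'encoded' or 'cleartext' for a secret's value."""
    if REFERENCE.match(value):
        return "reference"
    try:
        # Heuristic: valid base64 decoding to printable ASCII needs no key.
        decoded = base64.b64decode(value, validate=True).decode("ascii")
        if len(value) >= 8 and decoded.isprintable():
            return "encoded"
    except ValueError:  # covers bad base64 and non-ASCII decode results
        pass
    return "cleartext"


def scan(text):
    """Return (line_no, key, kind) for each secret stored without encryption."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        if line.lstrip().startswith("#"):  # properties-file comment
            continue
        for key, value in PAIR.findall(line):
            if SECRET_KEY.search(key) and classify(value) != "reference":
                findings.append((line_no, key, classify(value)))
    return findings


# Constructed sample modelled on the two configuration excerpts above.
SAMPLE = "\n".join([
    "# Java Web App ResourceBundle properties file",
    "webapp.ldap.username=secretUsername",
    "webapp.ldap.password=secretPassword",
    "backup.password=" + base64.b64encode(b"secretPassword").decode(),
    "mail.password=${MAIL_PASSWORD}",
    '<add name="ud_DEV" connectionString="connectDB=uDB; uid=db2admin; pwd=password; dbalias=uDB;" />',
])

if __name__ == "__main__":
    print(*scan(SAMPLE), sep="\n")
```

The base64 check is a heuristic: a cleartext value that happens to be valid base64 is reported as `encoded`, which is still a finding.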
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-4397 | Medtronic MyCareLink Patient Monitor Data Encryption Weakness — MyCareLink Patient Monitor 24950 | 6.8 | Medium | 2026-05-07 |
| CVE-2026-6796 | Sanluan PublicCMS Failed Login LoginAdminController.java log_login cleartext storage in file — PublicCMS | 4.3 | Medium | 2026-04-21 |
| CVE-2026-6598 | langflow-ai langflow Project Creation Endpoint projects.py encrypt_auth_settings cleartext storage in file — langflow | 4.3 | Medium | 2026-04-20 |
| CVE-2026-5531 | SourceCodester Student Result Management System HTTP GET Request login_credentials.txt cleartext storage in file — Student Result Management System | 5.3 | Medium | 2026-04-05 |
| CVE-2025-64305 | Columbia Weather Systems MicroServer Cleartext Storage in a File or on Disk — MicroServer | 6.5 | Medium | 2026-01-07 |
| CVE-2025-36154 | IBM Concert Software Cleartext Storage in a File or on Disk. — Concert | 6.2 | Medium | 2025-12-24 |
| CVE-2025-14836 | ZZCMS User Data Storage user_save.php cleartext storage in file — ZZCMS | 2.7 | Low | 2025-12-17 |
| CVE-2025-6748 | Bharti Airtel Thanks App files cleartext storage in a file or on disk — Thanks App | 2.1 | Low | 2025-06-27 |
| CVE-2025-5154 | PhonePe App SQLite Database databases cleartext storage in a file or on disk — PhonePe App | 2.3 | Low | 2025-05-25 |
| CVE-2025-2120 | Thinkware Car Dashcam F800 Pro Configuration File hostapd.conf cleartext storage in a file or on disk — Car Dashcam F800 Pro | 2.1 | Low | 2025-03-09 |
| CVE-2024-49762 | Pterodactyl Panel has plain-text logging of user passwords when two-factor authentication is disabled — panel | 4.6 | Medium | 2024-10-24 |
| CVE-2024-20448 | Cisco Nexus Dashboard Fabric Controller Credential Information Disclosure Vulnerability — Cisco Data Center Network Manager | 6.3 | Medium | 2024-10-02 |
| CVE-2024-6785 | MXview One and MXview One Central Manager Series store cleartext credentials in a local file — MXview One Series | 5.5 | Medium | 2024-09-21 |
| CVE-2024-9040 | code-projects Blood Bank Management System Password cleartext storage in a file or on disk — Blood Bank Management System | 2.3 | Low | 2024-09-20 |
| CVE-2024-5916 | PAN-OS: Cleartext Exposure of External System Secrets — PAN-OS | 4.4 (AI) | Medium (AI) | 2024-08-14 |
| CVE-2024-38280 | Cleartext Storage in a File or on Disk in Motorola Solutions Vigilant Fixed LPR Coms Box (BCAV1F2-C600) — Vigilant Fixed LPR Coms Box (BCAV1F2-C600) | 6.8 (AI) | Medium (AI) | 2024-06-13 |
| CVE-2024-30406 | Junos OS Evolved: ACX Series with Paragon Active Assurance Test Agent: A local high privileged attacker can recover other administrators credentials — Junos OS Evolved | 5.5 | Medium | 2024-04-12 |
| CVE-2023-4066 | Operator: passwords defined in secrets shown in statefulset yaml — RHEL-8 based Middleware Containers | 5.5 | Medium | 2023-09-27 |
| CVE-2023-35699 | SICK ICR890-4 security vulnerability — ICR890-4 | 5.3 | Medium | 2023-07-10 |
| CVE-2023-2863 | Simple Design Daily Journal SQLite Database cleartext storage in a file or on disk — Daily Journal | 2.3 | Low | 2023-05-24 |
| CVE-2023-0114 | Netis Netcore Router Backup param.file.tgz cleartext storage in a file or on disk — Netcore Router | 3.3 | Low | 2023-01-07 |
| CVE-2019-19291 | Siemens SiNVR 3 Central Control Server and SiNVR 3 Video Server security vulnerability — Control Center Server (CCS) | 5.3 | Medium | 2020-03-10 |
| CVE-2016-6547 | Zizai Tech Nut stores the account password in cleartext — Tech Nut Mobile Application | 8.4 | - | 2018-07-13 |
| CVE-2016-6546 | iTrack Easy mobile application stores the user password in base-64 encoding/cleartext — Easy | 8.4 | - | 2018-07-13 |
| CVE-2016-6538 | TrackR Bravo mobile application stores account passwords in cleartext — Bravo Mobile Application | 8.8 | - | 2018-07-06 |

Vulnerabilities classified as CWE-313 (Cleartext Storage in a File or on Disk) represent 25 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.