
CWE-317 (Cleartext Storage in GUI) — Vulnerability Class 6

6 vulnerabilities classified as CWE-317 (Cleartext Storage in GUI). AI Chinese analysis included.

CWE-317 represents a critical data exposure weakness where sensitive information is stored in cleartext within graphical user interface components. This vulnerability allows attackers to bypass visual obfuscation, such as masked password fields, by directly accessing underlying GUI objects through application programming interfaces. Even if data appears encoded or hidden from human view, adversaries can often reverse-engineer the encoding scheme to retrieve the original plaintext. To mitigate this risk, developers must ensure that sensitive data is never retained in memory within UI elements after it is no longer needed. Best practices include clearing input fields immediately after processing, utilizing secure memory handling techniques to overwrite sensitive buffers, and ensuring that no sensitive values are passed as arguments to GUI rendering functions. By strictly managing the lifecycle of sensitive data within the interface layer, organizations can prevent unauthorized access via API-based extraction.

MITRE CWE Description
The product stores sensitive information in cleartext within the GUI. An attacker can often obtain data from a GUI, even if hidden, by using an API to directly access GUI objects such as windows and menus. Even if the information is encoded in a way that is not human-readable, certain techniques could determine which encoding is being used, then decode the information.
Common Consequences (1)
Confidentiality: Read Memory, Read Application Data

6 CVEs are classified as CWE-317 (Cleartext Storage in GUI). The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.