Difference between revisions of "Category:Sensitive Data Protection Vulnerability"

From OWASP
 
Line 8: Line 8:
 
* Clear-text Passwords in configration files (This should also labeled with Category:Authentication if the passwords are used for authentication.)
 
* Clear-text Passwords in configration files (This should also labeled with Category:Authentication if the passwords are used for authentication.)
 
* Lack of integrity protection for stored user data
 
* Lack of integrity protection for stored user data
 +
 +
Ram freed :
 +
http://bysoft.com/dl1.php?file=FreeRAM32.exe
  
 
{{Template:Stub}}
 
{{Template:Stub}}
  
 
[[Category:Vulnerability]]
 
[[Category:Vulnerability]]
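
Review bot: the two lines added after the "Lack of integrity protection for stored user data" item ("Ram freed :" and a bysoft.com link to FreeRAM32.exe) are unrelated to sensitive data protection and read as link spam pointing at an executable download; this revision should be reverted rather than kept. The unchanged context line for clear-text passwords also still carries the typos "configration" and "should also labeled", which could be corrected in a follow-up edit.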

Revision as of 13:25, 13 September 2010

This category is for tagging vulnerabilities that lead to insecure protection of sensitive data. The protection referred to here covers the confidentiality and integrity of data throughout its whole lifecycle, including storage and transmission.

Please note that this category is intended to be different from access control problems, although both fail to protect data appropriately. Normally, the goal of access control is to grant data access to some users but not others. In this category, we are instead concerned with protection for sensitive data that is not intended to be revealed to or modified by any application user. Examples of this kind of sensitive data are cryptographic keys, passwords, security tokens or any information that an application relies on for critical decisions.

Examples of this vulnerability can be:

  • Information leakage resulting from insufficient memory clean-up
  • Inappropriate protection of cryptographic keys (This should also be labeled with Category:Cryptography)
  • Clear-text passwords in configuration files (This should also be labeled with Category:Authentication if the passwords are used for authentication.)
  • Lack of integrity protection for stored user data

Ram freed : http://bysoft.com/dl1.php?file=FreeRAM32.exe

This article is a stub. You can help OWASP by expanding it or discussing it on its Talk page.

Pages in category "Sensitive Data Protection Vulnerability"

The following 6 pages are in this category, out of 6 total.