
CWE-312 Cleartext Storage of Sensitive Information: Vulnerability List (253)

A summary of 253 CVE vulnerabilities in the CWE-312 Cleartext Storage of Sensitive Information weakness class, with AI-generated Chinese analysis.

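CWE-312 refers to sensitive information stored in cleartext in a resource that may be accessible to another control sphere. Attackers commonly steal credentials and other critical data by directly reading configuration files, logs, or database files. Developers should avoid this risk by encrypting data at rest with strong encryption algorithms, strictly limiting file access permissions, and regularly reviewing data storage logic, so that sensitive information is retained only when necessary and only as ciphertext, preventing unauthorized access.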

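MITRE CWE Official Description
CWE: CWE-312 Cleartext Storage of Sensitive Information. English: The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.
Common Consequences (1)
Confidentiality: Read Application Data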
An attacker with access to the system could read sensitive information stored in cleartext (i.e., unencrypted). Even if the information is encoded in a way that is not human-readable, certain techniques could determine which encoding is being used, then decode the information.
Mitigations (2)
Implementation, System Configuration, Operation: When storing data in the cloud (e.g., S3 buckets, Azure blobs, Google Cloud Storage, etc.), use the provider's controls to encrypt the data at rest. [REF-1297] [REF-1299] [REF-1301]
Implementation, System Configuration, Operation: In some systems/environments such as cloud, the use of "double encryption" (at both the software and hardware layer) might be required, and the developer might be solely responsible for both layers, instead of shared responsibility with the administrator of the broader system/environment.
Code Examples (2)
The following code excerpt stores a plaintext user account ID in a browser cookie.
    // Bad: the account ID is written to the cookie in cleartext
    response.addCookie(new Cookie("userAccountID", acctID));
Bad · Java
This code writes a user's login information to a cookie so the user does not have to login again later.
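    function persistLogin($username, $password) {
        $data = array("username" => $username, "password" => $password);
        // Bad: setcookie() needs a string value, so the array is JSON-encoded;
        // the username and password are still stored in cleartext in the cookie
        setcookie("userdata", json_encode($data));
    }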
Bad · PHP
| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2026-46622 | SolidInvoice cleartext API token storage leading to credential disclosure — SolidInvoice | 8.1 | High | 2026-06-11 |
| CVE-2026-10786 | Devolutions Server 2026.x access control vulnerability — Server | - | - | 2026-06-08 |
| CVE-2026-4387 | StrongDM security vulnerability — StrongDM Desktop Application | - | - | 2026-05-29 |
| CVE-2026-45040 | rustfs log information disclosure vulnerability — rustfs | - | - | 2026-05-28 |
| CVE-2026-9274 | CP Plus Wi-Fi Camera security vulnerability — Wi-Fi Camera CP-E38Q, CP-E48Q, CP-E25Q, CP-E35Q, CP-E45Q, CP-E28Q, CP-E21Q, CP-E31Q, CP-E41Q, CP-E24Q, CP-Z43Q, CP-E34Q, CP-E44Q, CP-T31Q, CP-V48Q, CP-V41Q, CP-Z45Q | - | - | 2026-05-25 |
| CVE-2026-8596 | Amazon SageMaker Python SDK security vulnerability — AWS | 7.2 | High | 2026-05-14 |
| CVE-2026-6332 | Schneider Electric Ecostruxure Machine Expert HVAC security vulnerability — Ecostruxure™ Machine Expert HVAC | - | - | 2026-05-14 |
| CVE-2026-42408 | F5 BIG-IP security vulnerability — BIG-IP | 4.4 | Medium | 2026-05-13 |
| CVE-2026-28758 | F5 BIG-IP security vulnerability — BIG-IP | 4.4 | Medium | 2026-05-13 |
| CVE-2026-45362 | Sangoma Technologies Switchvox security vulnerability — Switchvox | 3.2 | Low | 2026-05-12 |
| CVE-2026-7163 | Red Hat assisted-service security vulnerability — multicluster engine for Kubernetes 2.10 | 6.1 | Medium | 2026-04-30 |
| CVE-2026-41385 | OpenClaw security vulnerability — OpenClaw | 6.5 | Medium | 2026-04-28 |
| CVE-2026-6553 | TYPO3 CMS security vulnerability — TYPO3 CMS | 6.5 (AI) | Medium (AI) | 2026-04-21 |
| CVE-2026-35644 | OpenClaw security vulnerability — OpenClaw | 6.5 | Medium | 2026-04-09 |
| CVE-2025-14815 | Mitsubishi Electric multiple products security vulnerability — GENESIS64 | 6.2 (AI) | Medium (AI) | 2026-04-08 |
| CVE-2026-34833 | Bulwark Webmail security vulnerability — webmail | 7.5 (AI) | High (AI) | 2026-04-02 |
| CVE-2026-33026 | Nginx UI security vulnerability — nginx-ui | 8.8 | - | 2026-03-30 |
| CVE-2026-33867 | WWBN AVideo security vulnerability — AVideo | 8.1 | - | 2026-03-27 |
| CVE-2026-4346 | TP-Link TL-WR850N security vulnerability — TL-WR850N v3 | 6.8 (AI) | Medium (AI) | 2026-03-26 |
| CVE-2026-31848 | Nexxt Solutions Nebula 300+ security vulnerability — Nebula 300+ | 9.8 | - | 2026-03-23 |
| CVE-2026-32842 | Edimax GS-5008PL security vulnerability — Edimax GS-5008PL | 6.5 | Medium | 2026-03-17 |
| CVE-2025-55717 | Fortinet multiple products security vulnerability — FortiVoice | 3.8 | Medium | 2026-03-10 |
| CVE-2026-24311 | SAP Customer Checkout security vulnerability — SAP Customer Checkout 2.0 | 5.6 | Medium | 2026-03-10 |
| CVE-2025-47147 | Gallagher Command Centre Mobile Client security vulnerability — Command Centre Mobile Client | 5.7 | Medium | 2026-03-03 |
| CVE-2026-3277 | Devolutions PowerShell Universal security vulnerability — PowerShell Universal | 5.5 | - | 2026-02-27 |
| CVE-2026-3221 | Devolutions Server security vulnerability — Server | 6.5 (AI) | Medium (AI) | 2026-02-25 |
| CVE-2026-27520 | Binardat 10G08-0800GSM security vulnerability — 10G08-0800GSM Network Switch | 7.5 | High | 2026-02-24 |
| CVE-2026-23655 | Microsoft Azure Compute Gallery security vulnerability — Microsoft ACI Confidential Containers | 6.5 | Medium | 2026-02-10 |
| CVE-2025-33081 | IBM Concert security vulnerability — Concert | 3.3 | Low | 2026-02-03 |
| CVE-2025-12774 | Brocade SANnav security vulnerability — SANnav | 7.1 (AI) | High (AI) | 2026-02-03 |

CWE-312 (Cleartext Storage of Sensitive Information) is a common weakness category; this platform lists 253 CVE vulnerabilities associated with it.