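This column is the Wukong Cloud Classroom (悟空云课堂), newly planned by Zhongke Tianqi (中科天齐). It goes live every Friday afternoon at 18:00 and aims to popularize software security knowledge, help enterprises effectively guard against software security vulnerabilities, and improve their network security protection capabilities. [Wukong Cloud Classroom] Issue 13: The cleartext transmission of sensitive information vulnerability (CWE-319: Cleartext Transmission of Sensitive Information) What is the cleartext transmission of sensitive information vulnerability? When communicating, the program transmits in cleartext sensitive...
CWE-319 CWE-313 CWE-315 Languages: C, C++, C#, Java, Objective-C, Objective-C++ UNENCRYPTED_SENSITIVE_DATA finds code that uses sensitive data (such as passwords and cryptographic keys) that is transmitted or stored unencrypted. If sensitive data is stored or transmitted without encryption, an attacker can steal or tamper with that data. Fixing this kind of defect requires changes to all endpoints. Preview checker: UNENCRYPTED_...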
CWE - CWE-319 - Cleartext Transmission of Sensitive Information STIG Viewer - Application Security and Development: V-222397 - The application must implement cryptographic mechanisms to protect the integrity of remote access sessions. STIG Viewer - Application Security and Development: V-222534 - Se...
CWE-319 C/C++ cpp/non-https-url Failure to use HTTPS URLs CWE-326 C/C++ cpp/boost/tls-settings-misconfiguration boost::asio TLS settings misconfiguration CWE-326 C/C++ cpp/insufficient-key-size Use of a cryptographic algorithm with insufficient key size CWE-326 C/C++ cpp/unknown-asymmetric-...
CWE-319: Cleartext Transmission of Sensitive Information CWE-352: Cross-Site Request Forgery (CSRF) CWE-362: Race Condition CWE-209: Error Message Information Leak CATEGORY: Risky Resource Management CWE-119: Failure to Constrain Operations within the Bounds of a Memory Buffer ...
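39 CWE-319 Cleartext Transmission of Sensitive Information 174 6.74 2.15 0 -4 40 CWE-312 Cleartext Storage of Sensitive Information 182 6.25 2.01 0 +1 2022 CWE Top 26-40 weakness list The weaknesses that dropped in rank from the 2021 Top 25 are as follows: CWE-732 (Incorrect Permission Assignment for Critical Resource): from #22 to #30 CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor): from #20 to #33 CWE-522 (Credentials...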
CWE-319 C# cs/web/cookie-secure-not-set 'Secure' attribute is not set to true CWE-321 C# cs/hard-coded-symmetric-encryption-key Hard-coded symmetric encryption key CWE-321 C# cs/hardcoded-connection-string-credentials Hard-coded connection string with credentials CWE-321 C# cs/hardcoded-credent...
Cleartext Storage of Sensitive Information in Executable CWE-319: Cleartext Transmission of Sensitive Information CWE-321: Use of Hard-coded Cryptographic Key CWE-322: Key Exchange without Entity Authentication CWE-323: Reusing a Nonce, Key Pair in Encryption CWE-324: Use of a Key Past its Expira...
kingthorin commented on Nov 22, 2024 https://cwe.mitre.org/data/definitions/319.html CWE-319: Cleartext Transmission of Sensitive Information
Apex 319 The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. Apex 320 Weaknesses in this category are related to errors in the management of cryptographic keys. Apex 321 The use of a hard-coded cryptograp...