CVEbaza.plSłownik CWECWE-315
Common Weakness Enumeration

CWE-315

Cleartext Storage of Sensitive Information in a Cookie

Kategoria: VariantCVE: 8
Opis

Produkt przechowuje poufne informacje w postaci zwykłego tekstu w pliku cookie. Narażone jest to na zagrożenia związane z dostępem do danych oraz ich przechwyceniem.

Description (EN)

The product stores sensitive information in cleartext in a cookie.

Podatności CVE z CWE-315 (8)
9.3
CVSS
CRITICAL
CVE-2024-8644

Aplikacja ValeApp firmy Oceanic Software przechowuje wrażliwe informacje w ciasteczkach (cookies) w postaci jawnego tekstu (cleartext), bez odpowiedniego zabezpieczenia. Umożliwia to atakującemu przechwycenie i manipulację danymi sesji, co może prowadzić do przejęcia kontroli nad kontem użytkownika.

pub. 2024-09-27
9.1
CVSS
CRITICAL
CVE-2026-25818

Urządzenia HMS Networks Ewon Flexy oraz Cosy+ wykorzystują słabą entropię przy generowaniu ciasteczek uwierzytelniających sesję. Atakujący, który wejdzie w posiadanie skradzionego ciasteczka sesji, może metodą brute-force odtworzyć hasło użytkownika poprzez złamanie parametru szyfrowania.

pub. 2026-03-13
8.1
CVSS
HIGH
CVE-2024-41290

FlatPress CMS v1.3.1 1.3 was discovered to use insecure methods to store authentication data via the cookie's component.

pub. 2024-10-02
7.5
CVSS
HIGH
CVE-2018-19941

A vulnerability has been reported to affect QNAP NAS. If exploited, this vulnerability allows an attacker to access sensitive information stored in cleartext inside cookies via certain widely-available tools. QNAP have already fixed this vulnerability in the following versions: QTS 4.5.1.1456 build 20201015 (and later) QuTS hero h4.5.1.1472 build 20201031 (and later) QuTScloud c4.5.2.1379 build 20200730 (and later)

pub. 2020-12-31
6.5
CVSS
MEDIUM
CVE-2024-24768

1Panel is an open source Linux server operation and maintenance management panel. The HTTPS cookie that comes with the panel does not have the Secure keyword, which may cause the cookie to be sent in plain text if accessed using HTTP. This issue has been patched in version 1.9.6.

pub. 2024-02-05
5.5
CVSS
MEDIUM
CVE-2021-34564

Any cookie-stealing vulnerabilities within the application or browser would enable an attacker to steal the user's credentials to the PEPPERL+FUCHS WirelessHART-Gateway 3.0.9.

pub. 2021-08-31
2.9
CVSS
LOW
CVE-2025-8528

A vulnerability classified as problematic has been found in Exrick xboot up to 3.3.4. Affected is an unknown function of the file /xboot/permission/getMenuList. The manipulation leads to cleartext storage of sensitive information in a cookie. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used.

pub. 2025-08-04
2.3
CVSS
LOW
CVE-2025-4537

A vulnerability was found in yangzongzhuan RuoYi-Vue up to 3.8.9 and classified as problematic. Affected by this issue is some unknown functionality of the file ruoyi-ui/jsencrypt.js and ruoyi-ui/login.vue of the component Password Handler. The manipulation leads to cleartext storage of sensitive information in a cookie. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used.

pub. 2025-05-11
Informacje
ID: CWE-315
Typ: Variant
Podatności: 8
MITRE CWE ↗
← Słownik CWE