Fluid Attacks Database

Avoid caching and temporary files

Summary

The system must not store sensitive information in temporary files or cache memory.

Description

Applications sometimes reside in or get consumed by environments in which caching is possible. Caching helps performance or makes certain actions more comfortable for the application users. However, cached information is often more susceptible to being exposed or corrupted. Thus, avoiding cache memory and temporary files helps protect sensitive information.

References

CWE-285. Improper authorization
CWE-377. Insecure temporary file
CWE-524. Use of cache containing sensitive information
CWE-525. Use of web browser cache containing sensitive information
EPRIVACY-4_1a. Security of processing
GDPR-5_1f. Principles relating to processing of personal data
OWASP10-A2. Cryptographic failures
CERTJ-FIO03-J. Remove temporary files before termination
NYSHIELD-5575_B_6. Personal and private information
HITRUST-09_h. Capacity management
OSSTMM3-11_11_1. Data networks security - Privacy containment mapping
WASC-W_13. Information leakage
NISTSSDF-PS_3_1. Archive and protect each software release
PTES-7_4_4_2. Post Exploitation - Pillaging (user information on web browsers)
OWASPSCP-8. Data protection
ASVS-8_1_2. General data protection
CASA-13_1_4. Generic Web Service Security
OWASPLLM-LLM02:2025. Sensitive Information Disclosure
OWASPLLM-LLM07:2025. System Prompt Leakage
OWASPLLM-LLM08:2025. Vector and Embedding Weaknesses

Weaknesses

019. Administrative credentials stored in cache memory
028. Insecure temporary files
038. Business information leak
065. Cached form fields
080. Business information leak - Customers or providers
085. Sensitive data stored in client-side storage
136. Insecure or unset HTTP headers - Cache Control
213. Business information leak - JWT
214. Business information leak - Credentials
215. Business information leak - Repository
216. Business information leak - Source Code
217. Business information leak - Credit Cards
218. Business information leak - Network Unit
219. Business information leak - Redis
220. Business information leak - Token
221. Business information leak - Users
222. Business information leak - DB
223. Business information leak - JFROG
224. Business information leak - AWS
225. Business information leak - Azure
226. Business information leak - Personal Information
227. Business information leak - NAC
228. Business information leak - Analytics
229. Business information leak - Power BI
230. Business information leak - Firestore
291. Business information leak - Financial Information
336. Business information leak - Corporate information

Free trial

Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan.If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.

Supported In

This requirement is verified in following services

Essential Plan

Yes

Advanced Plan

Yes