378 – Non-encrypted confidential information - Hexadecimal

Description

The confidential information is encoded in hexadecimal allowing an attacker to view it in plain text when decoding it.

Impact

Obtain confidential information by decoding hexadecimal.

Recommendation

Use secure encryption methods to encrypt any sensitive information.

Threat

An attacker from an adjacent network performing a sniffing attack.

Expected Remediation Time

30 minutes.

Score 4.0

Default score using CVSS 4.0. It may change depending on the context of the src.

Base 4.0

• Attack vector: A
• Attack complexity: H
• Attack Requirements: N
• Privileges required: N
• User interaction: P
• Confidentiality (VC): L
• Integrity (VI): N
• Availability (VA): N
• Confidentiality (SC): N
• Integrity (SI): N
• Availability (SA): N

Threat 4.0

• Exploit maturity: U

Requirements

• 134 - Store passwords with salt
• 135 - Passwords with random salt
• 185 - Encrypt sensitive information
• 229 - Request access credentials
• 264 - Request authentication

Fixes

• Aws
• Csharp
• Dart
• Elixir
• Go
• Java
• Php
• Python
• Scala
• Swift
• Typescript

Last updated

2024/02/20