logo

Database

Non-encrypted confidential information - Hexadecimal

Description

The confidential information is encoded in hexadecimal allowing an attacker to view it in plain text when decoding it.

Impact

Obtain confidential information by decoding hexadecimal.

Recommendation

Use secure encryption methods to encrypt any sensitive information.

Threat

An attacker from an adjacent network performing a sniffing attack.

Expected Remediation Time

⏱️ 30 minutes.

Requirements

134 - Store passwords with salt135 - Passwords with random salt185 - Encrypt sensitive information229 - Request access credentials264 - Request authentication

Fixes

AwsCsharpDartElixirGoJavaPhpPythonScalaSwiftTypescript

Score

Default score using CVSS 4.0. It may change depending on the context of the src.

Base 4.0

Attack vector

A

Attack complexity

H

Attack requirements

N

Privileges required

N

User interaction

P

Confidentiality (VC)

L

Integrity (VI)

N

Availability (VA)

N

Confidentiality (SC)

N

Integrity (SI)

N

Availability (SA)

N

Threat 4.0

Exploit maturity

U

Vector string

CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U