logo

Database

Non-encrypted confidential information - Keys

Description

Confidential information is stored in plain text allowing an attacker to view it without any encryption.

Impact

Obtain sensitive information that can compromise system resources.

Recommendation

Encrypt all sensitive information that is transported or stored within the application according to the organizations policies.

Threat

Attacker with access to source code from the Internet.

Expected Remediation Time

⏱️ 30 minutes.

Requirements

134 - Store passwords with salt135 - Passwords with random salt185 - Encrypt sensitive information

Fixes

DartPython

Score

Default score using CVSS 4.0. It may change depending on the context of the src.

Base 4.0

Attack vector

N

Attack complexity

L

Attack requirements

N

Privileges required

L

User interaction

N

Confidentiality (VC)

L

Integrity (VI)

N

Availability (VA)

N

Confidentiality (SC)

N

Integrity (SI)

N

Availability (SA)

N

Threat 4.0

Exploit maturity

P

Vector string

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P