CWE-524
Use of Cache Containing Sensitive Information
The code uses a cache that contains sensitive information, but the cache can be read by an actor outside of the intended control sphere.
Mitigation
Phase: Architecture and Design
Description:
- Protect information stored in cache.
Mitigation
Phase: Architecture and Design
Description:
- Do not store unnecessarily sensitive information in the cache.
Mitigation
Phase: Architecture and Design
Description:
- Consider using encryption in the cache.
CAPEC-204: Lifting Sensitive Data Embedded in Cache
An adversary examines a target application's cache, or a browser cache, for sensitive information. Many applications that communicate with remote entities or which perform intensive calculations utilize caches to improve efficiency. However, if the application computes or receives sensitive information and the cache is not appropriately protected, an attacker can browse the cache and retrieve this information. This can result in the disclosure of sensitive information.