CWE-526
Cleartext Storage of Sensitive Information in an Environment Variable
The product uses an environment variable to store unencrypted sensitive information.
Mitigation
Phase: Architecture and Design
Description:
- Encrypt information stored in the environment variable to protect it from being exposed to an unauthorized user. If encryption is not feasible or is considered too expensive for the business use of the application, then consider using a properly protected configuration file instead of an environment variable. It should be understood that unencrypted information in a config file is also not guaranteed to be protected, but it is still a better choice, because it reduces attack surface related to weaknesses such as CWE-214. In some settings, vaults might be a feasible option for safer data transfer. Users should be notified of the business choice made to not protect the sensitive information through encryption.
Mitigation
Phase: Implementation
Description:
- If the environment variable is not necessary for the desired behavior, then remove it entirely, or clear it to an empty value.
No CAPEC attack patterns related to this CWE.