HoT-TAI-0010: Weak or no data at rest encryption

Summary:

CWE-313 Cleartext Storage in a File or on Disk

VT0012: Data encrypted with discovered keys / Use of static same enc/dec key

CWE-311 Missing Encryption of Sensitive Data

CWE-312 Cleartext Storage of Sensitive Information

CWE-318 Cleartext Storage of Sensitive Information in Executable

Estimated Overall Risk Assessment:HIGH/MID/LOW

  • Technical Impacts:

  • Business Impacts:

  • Detectability:

  • Prevalence:

  • Exploitability:

Attack Surfaces Grouped By Layer of Cyberspace

  • Physical Network Layer
    • Local Data Storage

Known Intrusion / Exploit / Attack Cases and Threats

TBD

Identify, Detect, Protect, Respond, and Recover (NIST FICIC)

TBD

Analysis Tools and Training

TBD

Associated CVEs / Manufacturers / Devices

TBD

References

TBD

results matching ""

    No results matching ""