Insecure Cryptographic Storage
Learn more about Insecure Cryptographic Storage vulnerability
Insecure Cryptographic Storage is a common vulnerability that occurs when sensitive data is not stored securely. Insecure Cryptographic Storage isn’t a single vulnerability, but a collection of vulnerabilities. The vulnerabilities in the collection all have to do with making sure your most important data is encrypted when it needs to be. This includes:
Developers often assume that data storage will not be examined by an arbitrary user. But many users of an application or program have access to the registry, temporary files and databases. It’s possible for these users to access sensitive data in its unencrypted format using temporary, hidden and registry files. It is also possible for an attacker to gain access using another one of the OWASP Top 10 vulnerabilities, such as Direct Object Access.
Developers should identify all sensitive data and encrypt it, even when it is stored on a hard drive. Ensure that sensitive data cannot be easily overwritten, and overwrite sensitive memory locations immediately. Also identify the people who should and shouldn’t have knowledge of secrets such as proprietary algorithms, encryption keys and DRM. In most cases, it’s recommended to hide these secrets even from the administrator. Finally, identify all sensitive data read into memory and overwrite it with random data.
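As an added example (not part of the original page), the script below is one way to check whether an application leaves sensitive data unencrypted in temporary or hidden files. It assumes the sensitive data is payment card numbers; the function names, file names and sample values are constructed for illustration.

```python
import os
import re
import tempfile

# Assumption: "sensitive data" here means payment card numbers (13-19 digits),
# optionally grouped with spaces or dashes.
CANDIDATE = re.compile(rb"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: filters out digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def scan_tree(root: str, max_bytes: int = 1_000_000):
    """Return (path, masked_number) for each plaintext card number under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    data = fh.read(max_bytes)  # only the first max_bytes are checked
            except OSError:
                continue  # unreadable file: skip it, do not abort the audit
            for match in CANDIDATE.finditer(data):
                digits = re.sub(rb"\D", b"", match.group()).decode()
                if luhn_ok(digits):
                    # Mask the value so the report itself does not leak it.
                    findings.append((path, "*" * (len(digits) - 4) + digits[-4:]))
    return findings

def demo():
    """Constructed sample: one leaked test number, one harmless digit run."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "session.tmp"), "w") as fh:
            fh.write("name=Test User\ncard=4111 1111 1111 1111\n")
        with open(os.path.join(root, ".cache"), "w") as fh:
            fh.write("order_id=1234567890123456\n")
        return [(os.path.basename(p), m) for p, m in scan_tree(root)]

if __name__ == "__main__":
    print(demo())
```

Any finding means the value reached disk without encryption and the code path that wrote it needs fixing.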
To ensure secure storage of sensitive data, follow these steps:
The ways to detect and fix cryptographic storage issues fall into two camps.
Learn more on https://www.veracode.com/security/insecure-crypto