CWE-319 敏感数据的明文传输
Cleartext Transmission of Sensitive Information
结构: Simple
Abstraction: Base
状态: Draft
被利用可能性: High
基本描述
The software transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.
扩展描述
Many communication channels can be "sniffed" by attackers during data transmission. For example, network traffic can often be sniffed by any attacker who has access to a network interface. This significantly lowers the difficulty of exploitation by attackers.
相关缺陷
-
cwe_Nature: ChildOf cwe_CWE_ID: 311 cwe_View_ID: 1000 cwe_Ordinal: Primary
-
cwe_Nature: ChildOf cwe_CWE_ID: 311 cwe_View_ID: 1003 cwe_Ordinal: Primary
-
cwe_Nature: ChildOf cwe_CWE_ID: 311 cwe_View_ID: 699 cwe_Ordinal: Primary
适用平台
Language: {'cwe_Class': 'Language-Independent', 'cwe_Prevalence': 'Undetermined'}
Paradigm: {'cwe_Name': 'Mobile', 'cwe_Prevalence': 'Undetermined'}
常见的影响
| 范围 | 影响 | 注释 |
|---|---|---|
| ['Integrity', 'Confidentiality'] | ['Read Application Data', 'Modify Files or Directories'] | Anyone can read the information by gaining access to the channel being used for communication. |
检测方法
DM-11 Black Box
Use monitoring tools that examine the software's process as it interacts with the operating system and the network. This technique is useful in cases when source code is unavailable, if the software was not developed by you, or if you want to verify that the build phase did not introduce any new weaknesses. Examples include debuggers that directly attach to the running process; system-call tracing utilities such as truss (Solaris) and strace (Linux); system activity monitors such as FileMon, RegMon, Process Monitor, and other Sysinternals utilities (Windows); and sniffers and protocol analyzers that monitor network traffic.
Attach the monitor to the process, trigger the feature that sends the data, and look for the presence or absence of common cryptographic functions in the call tree. Monitor the network and determine if the data packets contain readable commands. Tools exist for detecting if certain encodings are in use. If the traffic contains high entropy, this might indicate the usage of encryption.
可能的缓解方案
Architecture and Design
策略:
Encrypt the data with a reliable encryption scheme before transmitting.
Implementation
策略:
When using web applications with SSL, use SSL for the entire session from login to logout, not just for the initial login page.
Testing
策略:
Use tools and techniques that require manual (human) analysis, such as penetration testing, threat modeling, and interactive tools that allow the tester to record and modify an active session. These may be more effective than strictly automated techniques. This is especially the case with weaknesses that are related to design and business rules.
Operation
策略:
Configure servers to use encrypted channels for communication, which may include SSL or other secure protocols.
示例代码
例
The following code attempts to establish a connection to a site to communicate sensitive information.
bad Java
HttpURLConnection hu = (HttpURLConnection) u.openConnection();
hu.setRequestMethod("PUT");
hu.connect();
OutputStream os = hu.getOutputStream();
hu.disconnect();
catch (IOException e) {
//...
Though a connection is successfully made, the connection is unencrypted and it is possible that all sensitive data sent to or received from the server will be read by unintended actors.
分析过的案例
| 标识 | 说明 | 链接 |
|---|---|---|
| CVE-2002-1949 | Passwords transmitted in cleartext. | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1949 |
| CVE-2008-4122 | Chain: Use of HTTPS cookie without "secure" flag causes it to be transmitted across unencrypted HTTP. | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4122 |
| CVE-2008-3289 | Product sends password hash in cleartext in violation of intended policy. | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3289 |
| CVE-2008-4390 | Remote management feature sends sensitive information including passwords in cleartext. | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4390 |
| CVE-2007-5626 | Backup routine sends password in cleartext in email. | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5626 |
| CVE-2004-1852 | Product transmits Blowfish encryption key in cleartext. | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1852 |
| CVE-2008-0374 | Printer sends configuration information, including administrative password, in cleartext. | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0374 |
| CVE-2007-4961 | Chain: cleartext transmission of the MD5 hash of password enables attacks against a server that is susceptible to replay (CWE-294). | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4961 |
| CVE-2007-4786 | Product sends passwords in cleartext to a log server. | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4786 |
| CVE-2005-3140 | Product sends file with cleartext passwords in e-mail message intended for diagnostic purposes. | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3140 |
分类映射
| 映射的分类名 | ImNode ID | Fit | Mapped Node Name |
|---|---|---|---|
| PLOVER | Plaintext Transmission of Sensitive Information | ||
| The CERT Oracle Secure Coding Standard for Java (2011) | SEC06-J | Do not rely on the default automatic signature verification provided by URLClassLoader and java.util.jar | |
| The CERT Oracle Secure Coding Standard for Java (2011) | SER02-J | Sign then seal sensitive objects before sending them outside a trust boundary | |
| Software Fault Patterns | SFP23 | Exposed Data |
相关攻击模式
- CAPEC-102
- CAPEC-383
- CAPEC-477
- CAPEC-65