CWE-525 - Use of Web Browser Cache Containing Sensitive Information

CWE-525

Abstraction:
Variant

Structure:
Simple

Status:
Incomplete

Weakness Name: Use of Web Browser Cache Containing Sensitive Information

Description: The web application does not use an appropriate caching policy that specifies the extent to which each web page and associated form fields should be cached.

Common Consequences: Scope: Confidentiality
Impact: Read Application Data
Notes: Browsers often store information in a client-side cache, which can leave behind sensitive information for other users to find and exploit, such as passwords or credit card numbers. The locations at most risk include public terminals, such as those in libraries and Internet cafes.

Related Weaknesses: CWE-524Use of Cache Containing Sensitive Information

Related Alerts: Re-examine Cache-control DirectivesInformational

Release Date:
2006-07-19

Latest Modification Date:
2023-06-29

Free security scan for your website

Don't show website scan report rating on the leaderboard