CWE-316: Plaintext Storage in Memory | Demonstration

This demo shows how we could retrieve senstive data of a program through memory dump. We demonstrated it using a real-world application, pfingo 4.2. Sensitive data should always be encrypted in program memory once they have been pulled from external sources/user inputs. Note that malicious programs could do the same. 


http://core.yehg.net/lab/pr0js/training/view/CWE-316_plaintext-storage-in-memory/

Popular posts from this blog

Jcow CMS 4.x:4.2 <= , 5.x:5.2 <= | Arbitrary Code Execution

Elgg 1.7.10 <= | Multiple Vulnerabilities

SSL Breacher - Yet Another SSL Test Tool