CWE-316: Plaintext Storage in Memory | Demonstration

This demo shows how we could retrieve senstive data of a program through memory dump. We demonstrated it using a real-world application, pfingo 4.2. Sensitive data should always be encrypted in program memory once they have been pulled from external sources/user inputs. Note that malicious programs could do the same.

Popular posts from this blog

OxWall 1.1.1 <= Multiple Cross Site Scripting Vulnerabilities (CVE-2012-0872)

Open-Realty CMS 3.x | Persistent Cross Site Scripting (XSS) Vulnerability

Jcow CMS 4.x:4.2 <= , 5.x:5.2 <= | Arbitrary Code Execution