CWE-316: Plaintext Storage in Memory | Demonstration

This demo shows how we could retrieve senstive data of a program through memory dump. We demonstrated it using a real-world application, pfingo 4.2. Sensitive data should always be encrypted in program memory once they have been pulled from external sources/user inputs. Note that malicious programs could do the same.

Popular posts from this blog

SSL Breacher - Yet Another SSL Test Tool

Elgg 1.7.10 <= | Multiple Vulnerabilities

TinyBrowser (TinyMCE Editor Plugin) 1.41.6 <= Multiple Vulnerabilities