CWE-316: Plaintext Storage in Memory | Demonstration

This demo shows how sensitive data can be retrieved from a running program through a memory dump. We demonstrate it using a real-world application, pfingo 4.2. Sensitive data should always be encrypted in program memory once it has been pulled from external sources or user input. Note that a malicious program could retrieve the data the same way.
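As an added illustration (not code from the original post or from pfingo), the C program below leaves a plaintext credential in a working buffer, then repeats the same work with the buffer wiped after use, and scans the buffer each time the way a review of a memory dump would. The post recommends encrypting sensitive data in memory; wiping after use is a different, complementary mitigation. The names `arena`, `login`, `use_secret` and the sample secret are constructed for this example.

```c
#include <stdio.h>
#include <string.h>
/* Constructed stand-in for process memory that a dump would capture. */
static unsigned char arena[256];
/* Constructed sample credential standing in for user input. */
static const char SAMPLE_SECRET[] = "constructed-sample-passw0rd";

/* Wipe through a volatile pointer so the stores are not optimized away. */
static void secure_wipe(void *p, size_t n) {
    volatile unsigned char *v = (volatile unsigned char *)p;
    while (n--) *v++ = 0;
}

/* Hypothetical stand-in for real use of the credential. */
static unsigned use_secret(const unsigned char *s, size_t n) {
    unsigned sum = 0;
    while (n--) sum = sum * 31u + *s++;
    return sum;
}

/* Use the secret from working memory; wipe_after == 0 is the CWE-316 pattern. */
unsigned login(const char *secret, int wipe_after) {
    size_t n = strlen(secret);
    memcpy(arena, secret, n);
    unsigned r = use_secret(arena, n);
    if (wipe_after) secure_wipe(arena, n);
    return r;
}

/* Scan a snapshot for the secret, as a review of a memory dump would. */
int dump_contains(const unsigned char *dump, size_t len, const char *needle) {
    size_t n = strlen(needle);
    for (size_t i = 0; n && i + n <= len; i++)
        if (memcmp(dump + i, needle, n) == 0) return 1;
    return 0;
}

/* Run login on a clean arena and report whether the plaintext remains. */
int secret_survives(int wipe_after) {
    secure_wipe(arena, sizeof arena);
    login(SAMPLE_SECRET, wipe_after);
    return dump_contains(arena, sizeof arena, SAMPLE_SECRET);
}

int main(void) {
    printf("left in memory, no wipe: %d\n", secret_survives(0));
    printf("left in memory, wiped:   %d\n", secret_survives(1));
    return 0;
}
```

The scan covers only the working buffer; in a real program every copy of the secret (input buffers, string objects, library internals) needs the same treatment.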
