CWE-311 - Missing Encryption of Sensitive Data


The weakness exists due to lack of correct sensitive or important data encryption. Unproperly encrypted information can't provide appropriate confidentiality, integrity and accountability of the system. As application doesn't use a secure channel as SSl attackers can easily obtain sensitive data. Vulnerability also allows malicious users to modify application data.
The weakness is introduced during Architecture and Design, Implication stages.

Latest vulnerabilities for CWE-311


Description of CWE-311 on Mitre website