VYPR

CWE-317

Cleartext Storage of Sensitive Information in GUI

VariantDraft

Description

The product stores sensitive information in cleartext within the GUI.

An attacker can often obtain data from a GUI, even if hidden, by using an API to directly access GUI objects such as windows and menus. Even if the information is encoded in a way that is not human-readable, certain techniques could determine which encoding is being used, then decode the information.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (2)

  • CVE-2025-14816CriApr 8, 2026
    risk 0.60cvss epss 0.00

    Cleartext Storage of Sensitive Information in GUI vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Hyper…

  • CVE-2022-0354HigApr 22, 2022
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was reported in Lenovo System Update that could allow a local user with interactive system access the ability to execute code with elevated privileges only during the installation of a System Update package released before 2022-02-25 that displays a command…