CVEbaza.plCWE DictionaryCWE-315
Common Weakness Enumeration

CWE-315

Cleartext Storage of Sensitive Information in a Cookie

Category: VariantCVE: 8
Description

The product stores sensitive information in cleartext in a cookie.

Extended Description

Attackers can use widely-available tools to view the cookie and read the sensitive information. Even if the information is encoded in a way that is not human-readable, certain techniques could determine which encoding is being used, then decode the information.

CVE vulnerabilities with CWE-315 (8)
9.3
CVSS
CRITICAL
CVE-2024-8644

Cleartext Storage of Sensitive Information in a Cookie vulnerability in Oceanic Software ValeApp allows Protocol Manipulation, : JSON Hijacking (aka JavaScript Hijacking). This issue affects ValeApp: before v2.0.0.

pub. 2024-09-27
9.1
CVSS
CRITICAL
CVE-2026-25818

HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx before 22.1s6, and Cosy+ with firmware 23.xx before 23.0s3 have weak entropy for authentication cookies, allowing an attacker with a stolen session cookie to find the user password by brute-forcing an encryption parameter.

pub. 2026-03-13
8.1
CVSS
HIGH
CVE-2024-41290

FlatPress CMS v1.3.1 1.3 was discovered to use insecure methods to store authentication data via the cookie's component.

pub. 2024-10-02
7.5
CVSS
HIGH
CVE-2018-19941

A vulnerability has been reported to affect QNAP NAS. If exploited, this vulnerability allows an attacker to access sensitive information stored in cleartext inside cookies via certain widely-available tools. QNAP have already fixed this vulnerability in the following versions: QTS 4.5.1.1456 build 20201015 (and later) QuTS hero h4.5.1.1472 build 20201031 (and later) QuTScloud c4.5.2.1379 build 20200730 (and later)

pub. 2020-12-31
6.5
CVSS
MEDIUM
CVE-2024-24768

1Panel is an open source Linux server operation and maintenance management panel. The HTTPS cookie that comes with the panel does not have the Secure keyword, which may cause the cookie to be sent in plain text if accessed using HTTP. This issue has been patched in version 1.9.6.

pub. 2024-02-05
5.5
CVSS
MEDIUM
CVE-2021-34564

Any cookie-stealing vulnerabilities within the application or browser would enable an attacker to steal the user's credentials to the PEPPERL+FUCHS WirelessHART-Gateway 3.0.9.

pub. 2021-08-31
2.9
CVSS
LOW
CVE-2025-8528

A vulnerability classified as problematic has been found in Exrick xboot up to 3.3.4. Affected is an unknown function of the file /xboot/permission/getMenuList. The manipulation leads to cleartext storage of sensitive information in a cookie. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used.

pub. 2025-08-04
2.3
CVSS
LOW
CVE-2025-4537

A vulnerability was found in yangzongzhuan RuoYi-Vue up to 3.8.9 and classified as problematic. Affected by this issue is some unknown functionality of the file ruoyi-ui/jsencrypt.js and ruoyi-ui/login.vue of the component Password Handler. The manipulation leads to cleartext storage of sensitive information in a cookie. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used.

pub. 2025-05-11
Information
ID: CWE-315
Type: Variant
Vulnerabilities: 8
MITRE CWE ↗
← CWE Dictionary
CWE-315 — Cleartext Storage of Sensitive Information in a Cookie | CWE Dictionary | CVEbaza.pl