CWE · MITRE source
CWE-256: Plaintext Storage of a Password
The product stores a password in plaintext within resources such as memory or files.
Last updated: 04 July 2026 00:28 UTC
Cumulative inbound coverage
How completely the frameworks we cross-walk collectively cover this — the verdict is the strongest single mapping (overlapping partials are not summed); breadth shows the corroboration behind it.
Collective: mostly · 3 mapping(s) from 2 framework(s): ATT&CK 2 (mostly) · OWASP-Web 1 (mostly)
OWASP Top 10 for Web (2025)
This weakness contributes to A06:2025 Insecure Design.
NIST 800-53 r5 controls that address this weakness (1) AI
| Control | Title | Family | Why it addresses this CWE |
|---|---|---|---|
| SC-28 | Protection of Information at Rest | SC | Protection of passwords and credentials at rest forces encryption or equivalent controls instead of plaintext storage. |
MITRE ATT&CK techniques this weakness enables
Our own two-way CWE↔ATT&CK cross-walk — a direct mapping with no public source (the CWE→CAPEC→ATT&CK chain leaves most top weaknesses, incl. XSS and SQLi, mapped to nothing). Drafted by Grok and spot-checked by Claude Opus 4.8.
Direction: ← other covers this; → this covers other (F/M/P = full / mostly / partial).
Top CVEs of this weakness type, ranked by Risk Priority
| CVE | Risk | CVSS | EPSS | Published |
|---|---|---|---|---|
| CVE-2017-7913 | 7.0 | 9.8 | 0.0118 | 2017-05-29 |
| CVE-2018-7510 | 7.0 | 9.8 | 0.0140 | 2018-06-06 |
| CVE-2018-8851 | 7.0 | 9.8 | 0.0130 | 2018-07-24 |
| CVE-2017-16714 | 7.0 | 9.8 | 0.0243 | 2018-09-06 |
| CVE-2020-6961 | 7.0 | 10.0 | 0.0162 | 2020-01-24 |
| CVE-2022-36308 | 7.0 | 9.1 | 0.0062 | 2022-08-16 |
| CVE-2024-23486 | 7.0 | 9.8 | 0.0056 | 2024-04-15 |
| CVE-2024-36081 | 7.0 | 9.8 | 0.0057 | 2024-05-19 |
| CVE-2024-33375 | 7.0 | 9.8 | 0.0062 | 2024-06-14 |
| CVE-2024-6118 | 7.0 | 9.1 | 0.0048 | 2024-08-05 |
| CVE-2024-5960 UPD | 7.0 | 9.8 | 0.0043 | 2024-09-18 |
| CVE-2025-27656 | 7.0 | 9.8 | 0.0083 | 2025-03-05 |
| CVE-2025-27662 | 7.0 | 9.8 | 0.0057 | 2025-03-05 |
| CVE-2025-5893 UPD | 7.0 | 9.8 | 0.0042 | 2025-06-09 |
| CVE-2025-6560 UPD | 7.0 | 9.8 | 0.0056 | 2025-06-24 |
| CVE-2025-6561 UPD | 7.0 | 9.8 | 0.0048 | 2025-06-26 |
| CVE-2025-15113 | 7.0 | 9.3 | 0.0043 | 2025-12-30 |
| CVE-2026-21660 | 7.0 | 9.8 | 0.0023 | 2026-02-27 |
| CVE-2024-55026 | 7.0 | 9.8 | 0.0034 | 2026-03-03 |
| CVE-2019-6518 | 5.5 | 7.5 | 0.0124 | 2019-03-05 |
| CVE-2017-6049 | 5.5 | 7.5 | 0.0125 | 2019-04-02 |
| CVE-2019-0032 | 5.5 | 7.8 | 0.0044 | 2019-04-10 |
| CVE-2019-10921 | 5.5 | 7.5 | 0.0245 | 2019-05-14 |
| CVE-2020-5374 | 5.5 | 8.8 | 0.0104 | 2020-07-14 |
| CVE-2020-10609 | 5.5 | 7.5 | 0.0152 | 2020-07-27 |