Cyber Resilience


CWE-256: Plaintext Storage of a Password

Abstraction: Base · CVEs in our corpus: 208

The product stores a password in plaintext within resources such as memory or files.

Last updated: 04 July 2026 00:28 UTC

Cumulative inbound coverage

How completely the frameworks we cross-walk collectively cover this weakness. The verdict is the strongest single mapping (overlapping partials are not summed); breadth shows the corroboration behind it.

Collective: mostly · 3 mappings from 2 frameworks: ATT&CK 2 (mostly) · OWASP-Web 1 (mostly)


OWASP Top 10 for Web (2025)

This weakness contributes to A06:2025 Insecure Design.

NIST 800-53 r5 controls that address this weakness (1) · AI

Control | Title | Family | Why it addresses this CWE
SC-28 | Protection of Information at Rest | SC | Protection of passwords and credentials at rest forces encryption or equivalent controls instead of plaintext storage.

MITRE ATT&CK techniques this weakness enables

Our own two-way CWE↔ATT&CK cross-walk — a direct mapping with no public source (the CWE→CAPEC→ATT&CK chain leaves most top weaknesses, incl. XSS and SQLi, mapped to nothing). Drafted by Grok and spot-checked by Claude Opus 4.8.

Direction: other covers this; this covers other (F/M/P = full / mostly / partial).

Top CVEs of this weakness type, ranked by Risk Priority

CVE | Risk | CVSS | EPSS | Published
CVE-2017-7913 | 7.0 | 9.8 | 0.0118 | 2017-05-29
CVE-2018-7510 | 7.0 | 9.8 | 0.0140 | 2018-06-06
CVE-2018-8851 | 7.0 | 9.8 | 0.0130 | 2018-07-24
CVE-2017-16714 | 7.0 | 9.8 | 0.0243 | 2018-09-06
CVE-2020-6961 | 7.0 | 10.0 | 0.0162 | 2020-01-24
CVE-2022-36308 | 7.0 | 9.1 | 0.0062 | 2022-08-16
CVE-2024-23486 | 7.0 | 9.8 | 0.0056 | 2024-04-15
CVE-2024-36081 | 7.0 | 9.8 | 0.0057 | 2024-05-19
CVE-2024-33375 | 7.0 | 9.8 | 0.0062 | 2024-06-14
CVE-2024-6118 | 7.0 | 9.1 | 0.0048 | 2024-08-05
CVE-2024-5960 (UPD) | 7.0 | 9.8 | 0.0043 | 2024-09-18
CVE-2025-27656 | 7.0 | 9.8 | 0.0083 | 2025-03-05
CVE-2025-27662 | 7.0 | 9.8 | 0.0057 | 2025-03-05
CVE-2025-5893 (UPD) | 7.0 | 9.8 | 0.0042 | 2025-06-09
CVE-2025-6560 (UPD) | 7.0 | 9.8 | 0.0056 | 2025-06-24
CVE-2025-6561 (UPD) | 7.0 | 9.8 | 0.0048 | 2025-06-26
CVE-2025-15113 | 7.0 | 9.3 | 0.0043 | 2025-12-30
CVE-2026-21660 | 7.0 | 9.8 | 0.0023 | 2026-02-27
CVE-2024-55026 | 7.0 | 9.8 | 0.0034 | 2026-03-03
CVE-2019-6518 | 5.5 | 7.5 | 0.0124 | 2019-03-05
CVE-2017-6049 | 5.5 | 7.5 | 0.0125 | 2019-04-02
CVE-2019-0032 | 5.5 | 7.8 | 0.0044 | 2019-04-10
CVE-2019-10921 | 5.5 | 7.5 | 0.0245 | 2019-05-14
CVE-2020-5374 | 5.5 | 8.8 | 0.0104 | 2020-07-14
CVE-2020-10609 | 5.5 | 7.5 | 0.0152 | 2020-07-27