CWE-921: Storage of Sensitive Data in a Mechanism without Access Control
Learn about CWE-921 (Storage of Sensitive Data in a Mechanism without Access Control), its security impact, exploitation methods, and prevention guidelines.
What is Storage of Sensitive Data in a Mechanism without Access Control?
• Overview: This vulnerability occurs when sensitive information is stored in a storage mechanism that lacks built-in access control, making it accessible to unauthorized users. Examples include memory cards, USB devices, and certain external storage on mobile devices.
• Exploitation Methods:
- Attackers can gain unauthorized access to sensitive data by physically accessing storage media or through connected devices.
- Common attack patterns include copying data from unsecured storage devices or intercepting data through unprotected external storage interfaces.
• Security Impact:
- Direct consequences include unauthorized access to sensitive data, leading to data breaches or information leaks.
- Potential cascading effects include further exploitation via social engineering or leveraging exposed data for additional attacks.
- Business impact can involve loss of customer trust, legal liabilities, and financial penalties due to non-compliance with data protection regulations.
• Prevention Guidelines:
- Specific code-level fixes include implementing encryption for sensitive data stored on external or non-secure storage.
- Security best practices involve using storage mechanisms with built-in access control and ensuring data is encrypted at rest.
- Recommended tools and frameworks include using secure storage APIs provided by the operating system and employing third-party libraries for data encryption.
Technical Details
Likelihood of Exploit: Not specified
Affected Languages: Not Language-Specific
Affected Technologies: Mobile
Vulnerable Code Example
import os

def store_sensitive_data(data, filepath):
    # Vulnerable: Storing sensitive data in a file without any access control
    with open(filepath, 'w') as file:
        file.write(data)

# Example usage
store_sensitive_data("super_secret_password", "/tmp/sensitive_data.txt")
In this vulnerable code example, sensitive data is written directly into a file without any access control settings. This can lead to unauthorized access if the file is stored in a location accessible to other users or processes. The file is created with default permissions, which may allow other users to read or modify the file.
How to fix Storage of Sensitive Data in a Mechanism without Access Control?
To fix this vulnerability, it is crucial to ensure that sensitive data is stored securely with proper access control. Here are some best practices:
- Restrict File Permissions: Use file system permissions to restrict access to the file. This ensures that only authorized users can read or write the file.
- Use Secure Storage Solutions: Consider using secure storage solutions like encrypted files or databases with built-in access control mechanisms.
- Environment Variables for Secrets: Store sensitive data in environment variables or secret management systems rather than files, whenever possible.
- Encryption: If the data must be stored in a file, consider encrypting the data before writing it to disk.
Fixed Code Example
import os
import stat

def store_sensitive_data(data, filepath):
    # Secure: Open the file and immediately set restrictive permissions
    with open(filepath, 'w') as file:
        # Restrict access to the file: readable and writable by the owner only.
        # Note: the file is created with umask-derived permissions first, so
        # there is a brief window before chmod takes effect; chmod before
        # writing so no sensitive bytes reach disk during that window.
        os.chmod(filepath, stat.S_IRUSR | stat.S_IWUSR)
        file.write(data)

# Example usage
store_sensitive_data("super_secret_password", "/tmp/sensitive_data.txt")
In the fixed code example, we use os.chmod to restrict the file permissions to be readable and writable by the owner only (stat.S_IRUSR | stat.S_IWUSR). This change ensures that only the file owner can read or write to the file, preventing unauthorized access. Additionally, consider using secure storage solutions or encryption for additional security layers.
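The fix above applies os.chmod after the file already exists, so for a moment the file carries whatever mode the process umask produced. The following added example (not part of the original page) closes that window by passing the mode to os.open at creation time with O_EXCL, and includes a check that reads the resulting permission bits back; it assumes a POSIX filesystem and uses a constructed secret string.

```python
import os
import stat
import tempfile

SECRET_MODE = 0o600  # owner read/write only; no group or other bits


def store_sensitive_data_atomic(data: str, filepath: str) -> None:
    """Create `filepath` owner-only and write `data` to it.

    The mode is applied by open(2) at creation, so the file never exists with
    default (umask-derived) permissions. O_EXCL refuses an existing path, so a
    file pre-created at that path by another user cannot receive the secret.
    """
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL
    with os.fdopen(os.open(filepath, flags, SECRET_MODE), "w") as f:
        f.write(data)


def is_owner_only(filepath: str) -> bool:
    """True when no group or other permission bits are set on the file."""
    mode = stat.S_IMODE(os.stat(filepath).st_mode)
    return mode & (stat.S_IRWXG | stat.S_IRWXO) == 0


def compare_approaches() -> dict:
    """Write a constructed secret with the page's naive open() and with the
    hardened function under a typical umask of 022, and report the outcome."""
    old_umask = os.umask(0o022)  # common default: new files become 0o644
    try:
        with tempfile.TemporaryDirectory() as d:
            naive = os.path.join(d, "naive.txt")
            hardened = os.path.join(d, "hardened.txt")
            with open(naive, "w") as f:  # the vulnerable pattern from the page
                f.write("constructed_secret")
            store_sensitive_data_atomic("constructed_secret", hardened)
            try:  # a second write to the same path must be refused (O_EXCL)
                store_sensitive_data_atomic("constructed_secret", hardened)
                refused = False
            except FileExistsError:
                refused = True
            return {
                "naive_owner_only": is_owner_only(naive),
                "hardened_owner_only": is_owner_only(hardened),
                "hardened_mode": oct(stat.S_IMODE(os.stat(hardened).st_mode)),
                "refused_existing": refused,
            }
    finally:
        os.umask(old_umask)


if __name__ == "__main__":
    print(compare_approaches())
```

Running it shows the naive file at 0o644 (readable by every local user) while the hardened file is 0o600 from its first instant on disk.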