Modes Of Introduction
Architecture and Design
Implementation : REALIZATION: This weakness is caused during implementation of an architectural security tactic.
Operation
Applicable Platforms
Language
Class: Not Language-Specific (Undetermined)
Common Consequences
Scope |
Impact |
Likelihood |
Confidentiality | Read Application Data | |
Observed Examples
Reference |
Description |
CVE-2005-1387 | password passed on command line |
CVE-2005-2291 | password passed on command line |
CVE-2001-1565 | username/password on command line allows local users to view via "ps" or other process listing programs |
CVE-2004-1948 | Username/password on command line allows local users to view via "ps" or other process listing programs. |
CVE-1999-1270 | PGP passphrase provided as command line argument. |
CVE-2004-1058 | Kernel race condition allows reading of environment variables of a process that is still spawning. |
CVE-2021-32638 | Code analysis product passes access tokens as a command-line parameter or through an environment variable, making them visible to other processes via the ps command. |
Vulnerability Mapping Notes
Rationale : This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.
Comments : Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.
Notes
Under-studied, especially environment variables.
Submission
Name |
Organization |
Date |
Date Release |
Version |
PLOVER |
|
2006-07-19 +00:00 |
2006-07-19 +00:00 |
Draft 3 |
Modifications
Name |
Organization |
Date |
Comment |
Sean Eidemiller |
Cigital |
2008-07-01 +00:00 |
added/updated demonstrative examples |
Eric Dalci |
Cigital |
2008-07-01 +00:00 |
updated Time_of_Introduction |
CWE Content Team |
MITRE |
2008-09-08 +00:00 |
updated Relationships, Taxonomy_Mappings |
CWE Content Team |
MITRE |
2008-10-14 +00:00 |
updated Description, Other_Notes |
CWE Content Team |
MITRE |
2009-10-29 +00:00 |
updated Other_Notes |
CWE Content Team |
MITRE |
2011-03-29 +00:00 |
updated Name |
CWE Content Team |
MITRE |
2011-06-01 +00:00 |
updated Common_Consequences |
CWE Content Team |
MITRE |
2012-05-11 +00:00 |
updated Relationships |
CWE Content Team |
MITRE |
2012-10-30 +00:00 |
updated Potential_Mitigations |
CWE Content Team |
MITRE |
2014-07-30 +00:00 |
updated Demonstrative_Examples, Relationships, Taxonomy_Mappings |
CWE Content Team |
MITRE |
2017-11-08 +00:00 |
updated Applicable_Platforms, Modes_of_Introduction, Relationships |
CWE Content Team |
MITRE |
2020-02-24 +00:00 |
updated Description, Name, Relationships, Type |
CWE Content Team |
MITRE |
2023-01-31 +00:00 |
updated Description, Observed_Examples, Relationships |
CWE Content Team |
MITRE |
2023-04-27 +00:00 |
updated Relationships |
CWE Content Team |
MITRE |
2023-06-29 +00:00 |
updated Mapping_Notes |