Common Weakness Enumeration

CWE-312

Allowed

Cleartext Storage of Sensitive Information

Abstraction: Base · Status: Draft

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

1017 vulnerabilities reference this CWE, most recent first.

GHSA-VGFF-FGCM-C84F

Vulnerability from github – Published: 2025-03-09 12:30 – Updated: 2025-03-09 12:30
VLAI
Details

A vulnerability was found in Thinkware Car Dashcam F800 Pro up to 20250226. It has been rated as problematic. This issue affects some unknown processing of the file /tmp/hostapd.conf of the component Configuration File Handler. The manipulation leads to cleartext storage in a file or on disk. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-2120"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-03-09T11:15:35Z",
    "severity": "LOW"
  },
  "details": "A vulnerability was found in Thinkware Car Dashcam F800 Pro up to 20250226. It has been rated as problematic. This issue affects some unknown processing of the file /tmp/hostapd.conf of the component Configuration File Handler. The manipulation leads to cleartext storage in a file or on disk. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
  "id": "GHSA-vgff-fgcm-c84f",
  "modified": "2025-03-09T12:30:54Z",
  "published": "2025-03-09T12:30:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2120"
    },
    {
      "type": "WEB",
      "url": "https://github.com/geo-chen/Thinkware-Dashcam"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.299033"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.299033"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.507327"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-VGVV-HJ3P-69R2

Vulnerability from github – Published: 2022-05-24 17:34 – Updated: 2022-05-24 17:34
VLAI
Details

An issue was discovered in Aviatrix Controller before R5.3.1151. Encrypted key values are stored in a readable file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-26551"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-11-17T21:15:00Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in Aviatrix Controller before R5.3.1151. Encrypted key values are stored in a readable file.",
  "id": "GHSA-vgvv-hj3p-69r2",
  "modified": "2022-05-24T17:34:28Z",
  "published": "2022-05-24T17:34:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26551"
    },
    {
      "type": "WEB",
      "url": "https://www.criticalstart.com/multiple-vulnerabilities-discovered-in-aviatrix"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-VHQJ-MFFF-J2J7

Vulnerability from github – Published: 2025-09-19 21:31 – Updated: 2025-09-24 21:30
VLAI
Details

Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA and SaaS deployments) mount host configuration and secret material under /var/www/efs_storage into many Docker containers with overly-permissive filesystem permissions. Files such as secrets.env, GPG-encrypted blobs in .secrets, MySQL client keys, and application session files are accessible from multiple containers. An attacker who controls or reaches any container can read or modify these artifacts, leading to credential theft, RCE via Laravel APP_KEY, Portainer takeover, and full compromise.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-34206"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-19T19:15:41Z",
    "severity": "CRITICAL"
  },
  "details": "Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA and SaaS deployments) mount host configuration and secret material under /var/www/efs_storage into many Docker containers with overly-permissive filesystem permissions. Files such as secrets.env, GPG-encrypted blobs in .secrets, MySQL client keys, and application session files are accessible from multiple containers. An attacker who controls or reaches any container can read or modify these artifacts, leading to credential theft, RCE via Laravel APP_KEY, Portainer takeover, and full compromise.",
  "id": "GHSA-vhqj-mfff-j2j7",
  "modified": "2025-09-24T21:30:36Z",
  "published": "2025-09-19T21:31:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-34206"
    },
    {
      "type": "WEB",
      "url": "https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm"
    },
    {
      "type": "WEB",
      "url": "https://help.printerlogic.com/va/Print/Security/Security-Bulletins.htm"
    },
    {
      "type": "WEB",
      "url": "https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html#va-insecure-security-architecture"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/vasion-print-printerlogic-insecure-shared-storage-permissions"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-VHR6-PVJM-9QWF

Vulnerability from github – Published: 2020-07-10 20:55 – Updated: 2024-09-16 21:33
VLAI
Summary
User passwords are stored in clear text in the Django session
Details

Impact

django-two-factor-auth versions 1.11 and before store the user's password in clear text in the user session (base64-encoded). The password is stored in the session when the user submits their username and password, and is removed once they complete authentication by entering a two-factor authentication code. This means that the password is stored in clear text in the session for an arbitrary amount of time, and potentially forever if the user begins the login process by entering their username and password, and then leaves before entering their two-factor authentication code.

The severity of this issue depends on which type of session storage you have configured: in the worst case, if you're using Django's default database session storage, then users' password are stored in clear text in your database. In the best case, if you're using Django's signed cookie session, then users' passwords are only stored in clear text within their browser's cookie store. In the common case of using Django's cache session store, the users' password are stored in clear text in whatever cache storage you have configured (typically Memcached or Redis).

Patches

Upgrade to version 1.12 to resolve this issue.

After upgrading, users should be sure to delete any clear text passwords that have been stored. For example, if you're using the database session backend, you'll likely want to delete any session record from the database and purge that data from any database backups or replicas.

In addition, affected organizations who have suffered a database breach while using an affected version should inform their users that their clear text passwords have been compromised. All organizations should encourage users whose passwords were insecurely stored to change these passwords on any sites where they were used.

Workarounds

Switching Django's session storage to use signed cookies instead of the database or cache lessens the impact of this issue, but should not be done without a thorough understanding of the security tradeoffs of using signed cookies rather than a server-side session storage. There is no way to fully mitigate the issue without upgrading.

References

For an explanation of why storing cleartext password is a substantial vulnerability: Hashing Passwords: One-Way Road to Security.
For documentation on configuring the Django session storage engine: Django session documentation.

For more information

If you have any questions or comments about this advisory: * Open an issue in the repo

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "django-two-factor-auth"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.12"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-15105"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-07-10T20:52:31Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "### Impact\n\ndjango-two-factor-auth versions 1.11 and before store the user\u0027s password in clear text in the user session (base64-encoded). The password is stored in the session when the user submits their username and password, and is removed once they complete authentication by entering a two-factor authentication code. This means that the password is stored in clear text in the session for an arbitrary amount of time, and potentially forever if the user begins the login process by entering their username and password, and then leaves before entering their two-factor authentication code.\n\nThe severity of this issue depends on which type of session storage you have configured: in the worst case, if you\u0027re using Django\u0027s default database session storage, then users\u0027 password are stored in clear text in your database. In the best case, if you\u0027re using Django\u0027s signed cookie session, then users\u0027 passwords are only stored in clear text within their browser\u0027s cookie store. In the common case of using Django\u0027s cache session store, the users\u0027 password are stored in clear text in whatever cache storage you have configured (typically Memcached or Redis).\n\n### Patches\n\nUpgrade to version 1.12 to resolve this issue.\n\nAfter upgrading, users should be sure to delete any clear text passwords that have been stored. For example, if you\u0027re using the database session backend, you\u0027ll likely want to delete any session record from the database and purge that data from any database backups or replicas.\n\nIn addition, affected organizations who have suffered a database breach while using an affected version should inform their users that their clear text passwords have been compromised. All organizations should encourage users whose passwords were insecurely stored to change these passwords on any sites where they were used.\n\n### Workarounds\n\nSwitching Django\u0027s session storage to use signed cookies instead of the database or cache lessens the impact of this issue, but should not be done without a thorough understanding of the security tradeoffs of using signed cookies rather than a server-side session storage. There is no way to fully mitigate the issue without upgrading.\n\n### References\n\nFor an explanation of why storing cleartext password is a substantial vulnerability: [Hashing Passwords: One-Way Road to Security](https://auth0.com/blog/hashing-passwords-one-way-road-to-security/).  \nFor documentation on configuring the Django session storage engine: [Django session documentation](https://docs.djangoproject.com/en/3.0/topics/http/sessions/).\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [the repo](https://github.com/Bouke/django-two-factor-auth)",
  "id": "GHSA-vhr6-pvjm-9qwf",
  "modified": "2024-09-16T21:33:50Z",
  "published": "2020-07-10T20:55:00Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/Bouke/django-two-factor-auth/security/advisories/GHSA-vhr6-pvjm-9qwf"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15105"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Bouke/django-two-factor-auth/commit/454fd9842fa6e8bb772dbf0943976bc8e3335359"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/Bouke/django-two-factor-auth"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Bouke/django-two-factor-auth/blob/master/CHANGELOG.md#112---2020-07-08"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/django-two-factor-auth/PYSEC-2020-39.yaml"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "User passwords are stored in clear text in the Django session"
}

GHSA-VHV6-87PM-667V

Vulnerability from github – Published: 2022-05-24 17:37 – Updated: 2022-05-24 17:37
VLAI
Details

A vulnerability has been reported to affect QNAP NAS. If exploited, this vulnerability allows an attacker to access sensitive information stored in cleartext inside cookies via certain widely-available tools. QNAP have already fixed this vulnerability in the following versions: QTS 4.5.1.1456 build 20201015 (and later) QuTS hero h4.5.1.1472 build 20201031 (and later) QuTScloud c4.5.2.1379 build 20200730 (and later)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-19941"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-12-31T17:15:00Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability has been reported to affect QNAP NAS. If exploited, this vulnerability allows an attacker to access sensitive information stored in cleartext inside cookies via certain widely-available tools. QNAP have already fixed this vulnerability in the following versions: QTS 4.5.1.1456 build 20201015 (and later) QuTS hero h4.5.1.1472 build 20201031 (and later) QuTScloud c4.5.2.1379 build 20200730 (and later)",
  "id": "GHSA-vhv6-87pm-667v",
  "modified": "2022-05-24T17:37:33Z",
  "published": "2022-05-24T17:37:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-19941"
    },
    {
      "type": "WEB",
      "url": "https://www.qnap.com/zh-tw/security-advisory/qsa-20-23"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-VHW2-M627-4R89

Vulnerability from github – Published: 2022-05-24 17:41 – Updated: 2022-05-24 17:41
VLAI
Details

IBM Cloud Pak for Automation 20.0.3, 20.0.2-IF002 stores potentially sensitive information in clear text in API connection log files. This information could be obtained by a user with permissions to read log files. IBM X-Force ID: 194965.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-20358"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-02-08T15:15:00Z",
    "severity": "MODERATE"
  },
  "details": "IBM Cloud Pak for Automation 20.0.3, 20.0.2-IF002 stores potentially sensitive information in clear text in API connection log files. This information could be obtained by a user with permissions to read log files. IBM X-Force ID: 194965.",
  "id": "GHSA-vhw2-m627-4r89",
  "modified": "2022-05-24T17:41:17Z",
  "published": "2022-05-24T17:41:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20358"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/194965"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/6412345"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-VHX7-JPM9-345W

Vulnerability from github – Published: 2022-05-13 01:43 – Updated: 2022-05-13 01:43
VLAI
Details

WordPress 4.8.2 stores cleartext wp_signups.activation_key values (but stores the analogous wp_users.user_activation_key values as hashes), which might make it easier for remote attackers to hijack unactivated user accounts by leveraging database read access (such as access gained through an unspecified SQL injection vulnerability).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-14990"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-10-03T01:29:00Z",
    "severity": "MODERATE"
  },
  "details": "WordPress 4.8.2 stores cleartext wp_signups.activation_key values (but stores the analogous wp_users.user_activation_key values as hashes), which might make it easier for remote attackers to hijack unactivated user accounts by leveraging database read access (such as access gained through an unspecified SQL injection vulnerability).",
  "id": "GHSA-vhx7-jpm9-345w",
  "modified": "2022-05-13T01:43:36Z",
  "published": "2022-05-13T01:43:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14990"
    },
    {
      "type": "WEB",
      "url": "https://core.trac.wordpress.org/ticket/38474"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2017/dsa-3997"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1039554"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VJ9Q-GW7F-J56J

Vulnerability from github – Published: 2025-07-16 12:30 – Updated: 2025-07-16 12:30
VLAI
Details

This vulnerability exists in Digisol DG-GR6821AC Router due to use of default admin credentials at its web management interface. An attacker with physical access could exploit this vulnerability by extracting the firmware and reverse engineer the binary data to access the hardcoded default credentials stored in the firmware of the targeted device.

Successful exploitation of this vulnerability could allow the attacker to gain unauthorized access to the targeted device.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-53758"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-16T12:15:30Z",
    "severity": "MODERATE"
  },
  "details": "This vulnerability exists in Digisol DG-GR6821AC Router due to use of default admin credentials at its web management interface. An attacker with physical access could exploit this vulnerability by extracting the firmware and reverse engineer the binary data to access the hardcoded default credentials stored in the firmware of the targeted device.\n\nSuccessful exploitation of this vulnerability could allow the attacker to gain unauthorized access to the targeted device.",
  "id": "GHSA-vj9q-gw7f-j56j",
  "modified": "2025-07-16T12:30:27Z",
  "published": "2025-07-16T12:30:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53758"
    },
    {
      "type": "WEB",
      "url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01\u0026VLCODE=CIVN-2025-0147"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-VM59-55F6-4QP9

Vulnerability from github – Published: 2024-02-05 18:31 – Updated: 2024-02-05 18:31
VLAI
Details

Prior to v7.4.0, Ember ZNet is vulnerable to a denial of service attack through manipulation of the NWK sequence number

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-6874"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312",
      "CWE-754"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-02-05T18:15:51Z",
    "severity": "HIGH"
  },
  "details": "Prior to v7.4.0, Ember ZNet is vulnerable to a denial of service attack through manipulation of the NWK sequence number",
  "id": "GHSA-vm59-55f6-4qp9",
  "modified": "2024-02-05T18:31:37Z",
  "published": "2024-02-05T18:31:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6874"
    },
    {
      "type": "WEB",
      "url": "https://community.silabs.com/069Vm000000WXaOIAW"
    },
    {
      "type": "WEB",
      "url": "https://github.com/SiliconLabs/gecko_sdk"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VM7Q-FG8C-G6VG

Vulnerability from github – Published: 2022-11-07 19:00 – Updated: 2022-11-08 19:00
VLAI
Details

The PassWork extension 5.0.9 for Chrome and other browsers allows an attacker to obtain cleartext cached credentials.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-42955"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-11-07T13:15:00Z",
    "severity": "HIGH"
  },
  "details": "The PassWork extension 5.0.9 for Chrome and other browsers allows an attacker to obtain cleartext cached credentials.",
  "id": "GHSA-vm7q-fg8c-g6vg",
  "modified": "2022-11-08T19:00:23Z",
  "published": "2022-11-07T19:00:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42955"
    },
    {
      "type": "WEB",
      "url": "https://chrome.google.com/webstore/detail/passwork-self-hosted/ibiipnmmlnehmeonnhbdajcfagcgihkl"
    },
    {
      "type": "WEB",
      "url": "https://passwork.canny.io/changelog/version-5110"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Implementation System Configuration Operation

When storing data in the cloud (e.g., S3 buckets, Azure blobs, Google Cloud Storage, etc.), use the provider's controls to encrypt the data at rest. [REF-1297] [REF-1299] [REF-1301]

Mitigation
Implementation System Configuration Operation

In some systems/environments such as cloud, the use of "double encryption" (at both the software and hardware layer) might be required, and the developer might be solely responsible for both layers, instead of shared responsibility with the administrator of the broader system/environment.

CAPEC-37: Retrieve Embedded Sensitive Data

An attacker examines a target system to find sensitive data that has been embedded within it. This information can reveal confidential contents, such as account numbers or individual keys/credentials that can be used as an intermediate step in a larger attack.