DEPRECATED: Failure to provide confidentiality for stored data
This entry has been consolidated into CWE-493: Critical Public Variable Without Final Modifier. The original content describing failure to protect stored data confidentiality has been moved to that entry.
This weakness was deprecated because it duplicated the core concept captured by CWE-493. When a system stores sensitive information like passwords, personal data, or encryption keys without proper protection, it creates a major security gap. Attackers who gain access to the storage—whether through a database breach, exposed logs, or insecure backups—can immediately read and misuse that confidential data. For developers, this highlights the critical need to classify data sensitivity and apply consistent protection. Always encrypt sensitive data at rest using strong, standard algorithms and manage keys separately. Review CWE-493 for specific guidance on using access controls, the 'final' modifier in code, and other mechanisms to enforce confidentiality and prevent accidental exposure of stored information.