# Missing Encryption of Sensitive Data (CWE-311)

The product does not encrypt sensitive or critical information before storage or transmission.

- Prevalence: 高 无 Shoulder 规则
- Impact: 高 OWASP Top 10 #2
- Prevention: 查看 MITRE 外部参考

**OWASP:** Cryptographic Failures (A02:2021-Cryptographic Failures) - #2

## Description

The lack of proper data encryption can lead to exposure of sensitive information. This is especially critical for data that crosses trust boundaries.

## Prevention

## Consequences

- 读取应用程序数据
- 读取文件或目录

## Mitigations

- 在存储和传输前对敏感数据进行加密
- 使用经过验证的加密算法和协议
- 妥善管理加密密钥