CWE-1266 - CERT CVE

CWE-1266 - Improper Scrubbing of Sensitive Data from Decommissioned Device

The product does not properly provide a capability for the product administrator to remove sensitive data at the time the product is decommissioned. A scrubbing capability could be missing, insufficient, or incorrect.

CAPEC ID Naziv
CAPEC-150 Collect Data from Common Resource Locations
CAPEC-37 Retrieve Embedded Sensitive Data
CAPEC-545 Pull Data from System Resources
CAPEC-546 Probe Application Memory