The software stores security-critical state information about its users, or the software itself, in a location that is accessible to unauthorized actors.
