The software stores sensitive information in a file system or device that does not have built-in access control.