The software stores sensitive information without properly limiting read or write access by unauthorized actors.