Sensitive data in memory can be vulnerable to compromise. An adversary who can execute code on the same system as an application may be able to access such data if the application
- Uses objects to store sensitive data whose contents are not cleared or garbage-collected after use.
- Has memory pages that can be swapped out to disk as required by the operating system (for example, to perform memory management tasks or to support hibernation).
- Holds sensitive data in a buffer (such as `BufferedReader`) that retains copies of the data in the OS cache or in memory.
- Bases its control flow on reflection that allows circumventing countermeasures to limit the lifetime of sensitive variables.
- Reveals sensitive data in debugging messages, log files, environment variables, or through thread and core dumps.
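
The first condition in the list above, shown as an added example that is not part of the original page: a secret held in an immutable `String` next to one held in arrays that are overwritten after use. The class and method names are hypothetical, and the SHA-256 step is an assumed stand-in for whatever processing the application does; clearing the arrays shortens the secret's lifetime on the heap but does not address swapped pages or dumps.

```java
import java.io.Console;
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;

// Hypothetical class name; illustration only.
public class SensitiveLifetime {

    // Weak form: a String is immutable, so the secret stays on the heap
    // until the garbage collector reclaims it; the caller cannot wipe it.
    static byte[] digestFromString(String password) throws NoSuchAlgorithmException {
        return MessageDigest.getInstance("SHA-256")
                .digest(password.getBytes(StandardCharsets.UTF_8));
    }

    // Hardened form: the secret lives only in arrays this method overwrites.
    static byte[] digestAndWipe(char[] password) throws NoSuchAlgorithmException {
        // Charset.encode allocates a heap buffer, so its backing array is reachable.
        ByteBuffer encoded = StandardCharsets.UTF_8.encode(CharBuffer.wrap(password));
        try {
            MessageDigest md = MessageDigest.getInstance("SHA-256");
            md.update(encoded);
            return md.digest();
        } finally {
            // Runs on success and on exception: zero every copy we created.
            Arrays.fill(encoded.array(), (byte) 0);
            Arrays.fill(password, '\0');
        }
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        Console console = System.console();
        // Console.readPassword returns a char[] the caller can zero afterwards.
        char[] password = (console != null) ? console.readPassword("Password: ") : null;
        if (password == null) {
            // No interactive console (or EOF): constructed sample input.
            password = new char[] {'s', 'a', 'm', 'p', 'l', 'e'};
        }
        byte[] digest = digestAndWipe(password);
        System.out.println("digest bytes: " + digest.length);
        System.out.println("password wiped: " + (password[0] == '\0'));
    }
}
```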
...