Information Disclosure
Many information disclosure threats are best addressed with cryptography.
2 of Information Disclosure. An attacker can brute-force file encryption because no defense is in place (example defense: password stretching). Password stretching refers to taking a password and iterating over it thousands of times to make a better cryptographic key, which is then used to encrypt the document (rather than using the password directly).
3 of Information Disclosure. An attacker can see error messages with security-sensitive content. For example, your web error page says “Cannot connect to database with password foobar1.” The right pattern is a unique error code and perhaps pointing to the relevant logs. This can also relate to the 3 of Repudiation (a low-privilege attacker can read interesting security information in the logs).
4 of Information Disclosure. An attacker can read content because messages (for example, an e-mail or HTTP cookie) aren't encrypted...