A local user may find a configuration file on the client workstation with unencrypted sensitive data. This allows an attacker to impersonate the device or prevent the device from accessing the cloud portal which leads to a DoS.
The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.