CWE-20 | Improper Input Validation |
CWE-113 | Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') |
CWE-302 | Authentication Bypass by Assumed-Immutable Data |
CWE-311 | Missing Encryption of Sensitive Data |
CWE-315 | Cleartext Storage of Sensitive Information in a Cookie |
CWE-384 | Session Fixation |
CWE-472 | External Control of Assumed-Immutable Web Parameter |
CWE-539 | Use of Persistent Cookies Containing Sensitive Information |
CWE-565 | Reliance on Cookies without Validation and Integrity Checking |
CWE-602 | Client-Side Enforcement of Server-Side Security |
CWE-642 | External Control of Critical State Data |
CWE-724 | OWASP Top Ten 2004 Category A3 - Broken Authentication and Session Management |