| CAPEC | CWE ID | Related Weakness |
|---|---|---|
| Harvesting Information via API Event Monitoring | CWE-311 | Missing Encryption of Sensitive Data |
| | CWE-319 | Cleartext Transmission of Sensitive Information |
| | CWE-419 | Unprotected Primary Channel |
| | CWE-602 | Client-Side Enforcement of Server-Side Security |
| Signature Spoofing by Mixing Signed and Unsigned Content | CWE-311 | Missing Encryption of Sensitive Data |
| | CWE-319 | Cleartext Transmission of Sensitive Information |
| | CWE-693 | Protection Mechanism Failure |
| Sniff Application Code | CWE-311 | Missing Encryption of Sensitive Data |
| | CWE-318 | Cleartext Storage of Sensitive Information in Executable |
| | CWE-319 | Cleartext Transmission of Sensitive Information |
| | CWE-693 | Protection Mechanism Failure |
| | CWE-719 | OWASP Top Ten 2007 Category A8 - Insecure Cryptographic Storage |
| Sniffing Network Traffic | CWE-311 | Missing Encryption of Sensitive Data |
| Retrieve Embedded Sensitive Data | CWE-311 | Missing Encryption of Sensitive Data |
| | CWE-312 | Cleartext Storage of Sensitive Information |
| | CWE-314 | Cleartext Storage in the Registry |
| | CWE-315 | Cleartext Storage of Sensitive Information in a Cookie |
| | CWE-318 | Cleartext Storage of Sensitive Information in Executable |
| | CWE-525 | Use of Web Browser Cache Containing Sensitive Information |
| Navigation Remapping To Propagate Malicious Content | CWE-311 | Missing Encryption of Sensitive Data |
| | CWE-345 | Insufficient Verification of Data Authenticity |
| | CWE-346 | Origin Validation Error |
| | CWE-471 | Modification of Assumed-Immutable Data (MAID) |
| | CWE-602 | Client-Side Enforcement of Server-Side Security |
| Sniffing Attacks | CWE-311 | Missing Encryption of Sensitive Data |
| Lifting Sensitive Data Embedded in Cache | CWE-311 | Missing Encryption of Sensitive Data |
| | CWE-524 | Use of Cache Containing Sensitive Information |
| Transaction or Event Tampering via Application API Manipulation | CWE-311 | Missing Encryption of Sensitive Data |
| | CWE-345 | Insufficient Verification of Data Authenticity |
| | CWE-346 | Origin Validation Error |
| | CWE-471 | Modification of Assumed-Immutable Data (MAID) |
| | CWE-602 | Client-Side Enforcement of Server-Side Security |
| Application API Message Manipulation via Man-in-the-Middle | CWE-311 | Missing Encryption of Sensitive Data |
| | CWE-345 | Insufficient Verification of Data Authenticity |
| | CWE-346 | Origin Validation Error |
| | CWE-471 | Modification of Assumed-Immutable Data (MAID) |
| | CWE-602 | Client-Side Enforcement of Server-Side Security |
| Application API Navigation Remapping | CWE-311 | Missing Encryption of Sensitive Data |
| | CWE-345 | Insufficient Verification of Data Authenticity |
| | CWE-346 | Origin Validation Error |
| | CWE-471 | Modification of Assumed-Immutable Data (MAID) |
| | CWE-602 | Client-Side Enforcement of Server-Side Security |
| Accessing/Intercepting/Modifying HTTP Cookies | CWE-20 | Improper Input Validation |
| | CWE-113 | Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') |
| | CWE-302 | Authentication Bypass by Assumed-Immutable Data |
| | CWE-311 | Missing Encryption of Sensitive Data |
| | CWE-315 | Cleartext Storage of Sensitive Information in a Cookie |
| | CWE-384 | Session Fixation |
| | CWE-472 | External Control of Assumed-Immutable Web Parameter |
| | CWE-539 | Use of Persistent Cookies Containing Sensitive Information |
| | CWE-565 | Reliance on Cookies without Validation and Integrity Checking |
| | CWE-602 | Client-Side Enforcement of Server-Side Security |
| | CWE-642 | External Control of Critical State Data |
| | CWE-724 | OWASP Top Ten 2004 Category A3 - Broken Authentication and Session Management |
| Application API Button Hijacking | CWE-311 | Missing Encryption of Sensitive Data |
| | CWE-345 | Insufficient Verification of Data Authenticity |
| | CWE-346 | Origin Validation Error |
| | CWE-471 | Modification of Assumed-Immutable Data (MAID) |
| | CWE-602 | Client-Side Enforcement of Server-Side Security |
| Cellular Traffic Intercept | CWE-311 | Missing Encryption of Sensitive Data |