| CWE-294 | Authentication Bypass by Capture-replay |
| CWE-319 | Cleartext Transmission of Sensitive Information |
| CWE-522 | Insufficiently Protected Credentials |
| CWE-523 | Unprotected Transport of Credentials |
| CWE-614 | Sensitive Cookie in HTTPS Session Without 'Secure' Attribute |
