| CAPEC | CWE ID | Related Weakness |
|---|---|---|
| Sniff Application Code | CWE-311 | Missing Encryption of Sensitive Data |
| | CWE-318 | Cleartext Storage of Sensitive Information in Executable |
| | CWE-319 | Cleartext Transmission of Sensitive Information |
| | CWE-693 | Protection Mechanism Failure |
| | CWE-719 | OWASP Top Ten 2007 Category A8 - Insecure Cryptographic Storage |
| Session Credential Falsification through Prediction | CWE-6 | J2EE Misconfiguration: Insufficient Session-ID Length |
| | CWE-200 | Exposure of Sensitive Information to an Unauthorized Actor |
| | CWE-285 | Improper Authorization |
| | CWE-290 | Authentication Bypass by Spoofing |
| | CWE-330 | Use of Insufficiently Random Values |
| | CWE-331 | Insufficient Entropy |
| | CWE-346 | Origin Validation Error |
| | CWE-384 | Session Fixation |
| | CWE-488 | Exposure of Data Element to Wrong Session |
| | CWE-539 | Use of Persistent Cookies Containing Sensitive Information |
| | CWE-693 | Protection Mechanism Failure |
| | CWE-719 | OWASP Top Ten 2007 Category A8 - Insecure Cryptographic Storage |
| Rainbow Table Password Cracking | CWE-261 | Weak Encoding for Password |
| | CWE-262 | Not Using Password Aging |
| | CWE-263 | Password Aging with Long Expiration |
| | CWE-521 | Weak Password Requirements |
| | CWE-693 | Protection Mechanism Failure |
| | CWE-719 | OWASP Top Ten 2007 Category A8 - Insecure Cryptographic Storage |
| | CWE-916 | Use of Password Hash With Insufficient Computational Effort |
| Encryption Brute Forcing | CWE-326 | Inadequate Encryption Strength |
| | CWE-327 | Use of a Broken or Risky Cryptographic Algorithm |
| | CWE-693 | Protection Mechanism Failure |
| | CWE-719 | OWASP Top Ten 2007 Category A8 - Insecure Cryptographic Storage |