| CAPEC | Related Weakness |
| Sniff Application Code |
| CWE-311 | Missing Encryption of Sensitive Data |
| CWE-318 | Cleartext Storage of Sensitive Information in Executable |
| CWE-319 | Cleartext Transmission of Sensitive Information |
| CWE-693 | Protection Mechanism Failure |
| CWE-719 | OWASP Top Ten 2007 Category A8 - Insecure Cryptographic Storage |
|
| Session Credential Falsification through Prediction |
| CWE-6 | J2EE Misconfiguration: Insufficient Session-ID Length |
| CWE-200 | Exposure of Sensitive Information to an Unauthorized Actor |
| CWE-285 | Improper Authorization |
| CWE-290 | Authentication Bypass by Spoofing |
| CWE-330 | Use of Insufficiently Random Values |
| CWE-331 | Insufficient Entropy |
| CWE-346 | Origin Validation Error |
| CWE-384 | Session Fixation |
| CWE-488 | Exposure of Data Element to Wrong Session |
| CWE-539 | Use of Persistent Cookies Containing Sensitive Information |
| CWE-693 | Protection Mechanism Failure |
| CWE-719 | OWASP Top Ten 2007 Category A8 - Insecure Cryptographic Storage |
|
| Rainbow Table Password Cracking |
| CWE-261 | Weak Encoding for Password |
| CWE-262 | Not Using Password Aging |
| CWE-263 | Password Aging with Long Expiration |
| CWE-521 | Weak Password Requirements |
| CWE-693 | Protection Mechanism Failure |
| CWE-719 | OWASP Top Ten 2007 Category A8 - Insecure Cryptographic Storage |
| CWE-916 | Use of Password Hash With Insufficient Computational Effort |
|
| Encryption Brute Forcing |
| CWE-326 | Inadequate Encryption Strength |
| CWE-327 | Use of a Broken or Risky Cryptographic Algorithm |
| CWE-693 | Protection Mechanism Failure |
| CWE-719 | OWASP Top Ten 2007 Category A8 - Insecure Cryptographic Storage |
|
