Session Credential Falsification through Prediction
| CWE-6 | J2EE Misconfiguration: Insufficient Session-ID Length |
| CWE-200 | Exposure of Sensitive Information to an Unauthorized Actor |
| CWE-285 | Improper Authorization |
| CWE-290 | Authentication Bypass by Spoofing |
| CWE-330 | Use of Insufficiently Random Values |
| CWE-331 | Insufficient Entropy |
| CWE-346 | Origin Validation Error |
| CWE-384 | Session Fixation |
| CWE-488 | Exposure of Data Element to Wrong Session |
| CWE-539 | Use of Persistent Cookies Containing Sensitive Information |
| CWE-693 | Protection Mechanism Failure |
| CWE-719 | OWASP Top Ten 2007 Category A8 - Insecure Cryptographic Storage |

Encryption Brute Forcing
| CWE-326 | Inadequate Encryption Strength |
| CWE-327 | Use of a Broken or Risky Cryptographic Algorithm |
| CWE-693 | Protection Mechanism Failure |
| CWE-719 | OWASP Top Ten 2007 Category A8 - Insecure Cryptographic Storage |

Rainbow Table Password Cracking
| CWE-261 | Weak Encoding for Password |
| CWE-262 | Not Using Password Aging |
| CWE-263 | Password Aging with Long Expiration |
| CWE-308 | Use of Single-factor Authentication |
| CWE-309 | Use of Password System for Primary Authentication |
| CWE-521 | Weak Password Requirements |
| CWE-654 | Reliance on a Single Factor in a Security Decision |
| CWE-719 | OWASP Top Ten 2007 Category A8 - Insecure Cryptographic Storage |
| CWE-916 | Use of Password Hash With Insufficient Computational Effort |

Sniff Application Code
| CWE-311 | Missing Encryption of Sensitive Data |
| CWE-318 | Cleartext Storage of Sensitive Information in Executable |
| CWE-319 | Cleartext Transmission of Sensitive Information |
| CWE-693 | Protection Mechanism Failure |
| CWE-719 | OWASP Top Ten 2007 Category A8 - Insecure Cryptographic Storage |