CAPEC Related Weakness
Reusing Session IDs (aka Session Replay)
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
CWE-285 Improper Authorization
CWE-290 Authentication Bypass by Spoofing
CWE-294 Authentication Bypass by Capture-replay
CWE-346 Origin Validation Error
CWE-384 Session Fixation
CWE-488 Exposure of Data Element to Wrong Session
CWE-539 Use of Persistent Cookies Containing Sensitive Information
CWE-664 Improper Control of a Resource Through its Lifetime
CWE-732 Incorrect Permission Assignment for Critical Resource
Account Footprinting
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
Peripheral Footprinting
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
TCP SYN Scan
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
Timestamp Request
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
Port Scanning
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
TCP Xmas Scan
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
Network Topology Mapping
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
Active OS Fingerprinting
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
TCP Initial Window Size Probe
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
ICMP Error Message Echoing Integrity Probe
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
Process Footprinting
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
Session Credential Falsification through Prediction
CWE-6 J2EE Misconfiguration: Insufficient Session-ID Length
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
CWE-285 Improper Authorization
CWE-290 Authentication Bypass by Spoofing
CWE-330 Use of Insufficiently Random Values
CWE-331 Insufficient Entropy
CWE-346 Origin Validation Error
CWE-384 Session Fixation
CWE-488 Exposure of Data Element to Wrong Session
CWE-539 Use of Persistent Cookies Containing Sensitive Information
CWE-693 Protection Mechanism Failure
CWE-719 OWASP Top Ten 2007 Category A8 - Insecure Cryptographic Storage
Establish Rogue Location
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
Excavation
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
CWE-1243 Sensitive Non-Volatile Information Not Protected During Debug
Host Discovery
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
ICMP Information Request
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
TCP SYN Ping
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
TCP Connect Scan
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
TCP ACK Scan
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
TCP RPC Scan
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
Scanning for Vulnerable Software
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
IP ID Sequencing Probe
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
TCP Timestamp Probe
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
TCP (ISN) Sequence Predictability Probe
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
TCP 'RST' Flag Checksum Probe
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
Services Footprinting
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
Using Slashes in Alternate Encoding
CWE-20 Improper Input Validation
CWE-21
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-73 External Control of File Name or Path
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-171
CWE-173 Improper Handling of Alternate Encoding
CWE-180 Incorrect Behavior Order: Validate Before Canonicalize
CWE-181 Incorrect Behavior Order: Validate Before Filter
CWE-185 Incorrect Regular Expression
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
CWE-697 Incorrect Comparison
CWE-707 Improper Neutralization
Exploiting Trust in Client
CWE-20 Improper Input Validation
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
CWE-287 Improper Authentication
CWE-290 Authentication Bypass by Spoofing
CWE-693 Protection Mechanism Failure
DNS Zone Transfers
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
Traceroute Route Enumeration
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
TCP ACK Ping
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
TCP FIN Scan
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
TCP Window Scan
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
IP 'ID' Echoed Byte-Order Probe
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
TCP Sequence Number Probe
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
TCP (ISN) Counter Rate Probe
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
TCP Options Probe
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
Shoulder Surfing
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
CWE-359 Exposure of Private Personal Information to an Unauthorized Actor
Group Permission Footprinting
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
Identify Shared Files/Directories on System
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
CWE-267 Privilege Defined With Unsafe Actions
Subverting Environment Variable Values
CWE-15 External Control of System or Configuration Setting
CWE-20 Improper Input Validation
CWE-73 External Control of File Name or Path
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
CWE-285 Improper Authorization
CWE-302 Authentication Bypass by Assumed-Immutable Data
CWE-353 Missing Support for Integrity Check
Footprinting
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
Fingerprinting
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
ICMP Echo Request Ping
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
Enumerate Mail Exchange (MX) Records
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
ICMP Address Mask Request
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
UDP Ping
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
TCP Null Scan
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
UDP Scan
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
Passive OS Fingerprinting
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
IP (DF) 'Don't Fragment Bit' Echoing Probe
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
TCP (ISN) Greatest Common Divisor Probe
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
TCP Congestion Control Flag (ECN) Probe
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
ICMP Error Message Quoting Probe
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
Browser Fingerprinting
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
File Discovery
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
Owner Footprinting
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
Eavesdropping
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor