| CAPEC | Related Weakness |
|---|---|
| Sniff Application Code | CWE-311 Missing Encryption of Sensitive Data |
| | CWE-318 Cleartext Storage of Sensitive Information in Executable |
| | CWE-319 Cleartext Transmission of Sensitive Information |
| | CWE-693 Protection Mechanism Failure |
| | CWE-719 OWASP Top Ten 2007 Category A8 - Insecure Cryptographic Storage |
| Accessing/Intercepting/Modifying HTTP Cookies | CWE-20 Improper Input Validation |
| | CWE-113 Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') |
| | CWE-302 Authentication Bypass by Assumed-Immutable Data |
| | CWE-311 Missing Encryption of Sensitive Data |
| | CWE-315 Cleartext Storage of Sensitive Information in a Cookie |
| | CWE-384 Session Fixation |
| | CWE-472 External Control of Assumed-Immutable Web Parameter |
| | CWE-539 Use of Persistent Cookies Containing Sensitive Information |
| | CWE-565 Reliance on Cookies without Validation and Integrity Checking |
| | CWE-602 Client-Side Enforcement of Server-Side Security |
| | CWE-642 External Control of Critical State Data |
| | CWE-724 OWASP Top Ten 2004 Category A3 - Broken Authentication and Session Management |
| Harvesting Information via API Event Monitoring | CWE-311 Missing Encryption of Sensitive Data |
| | CWE-319 Cleartext Transmission of Sensitive Information |
| | CWE-419 Unprotected Primary Channel |
| | CWE-602 Client-Side Enforcement of Server-Side Security |
| Application API Navigation Remapping | CWE-311 Missing Encryption of Sensitive Data |
| | CWE-345 Insufficient Verification of Data Authenticity |
| | CWE-346 Origin Validation Error |
| | CWE-471 Modification of Assumed-Immutable Data (MAID) |
| | CWE-602 Client-Side Enforcement of Server-Side Security |
| Sniffing Network Traffic | CWE-311 Missing Encryption of Sensitive Data |
| Transaction or Event Tampering via Application API Manipulation | CWE-311 Missing Encryption of Sensitive Data |
| | CWE-345 Insufficient Verification of Data Authenticity |
| | CWE-346 Origin Validation Error |
| | CWE-471 Modification of Assumed-Immutable Data (MAID) |
| | CWE-602 Client-Side Enforcement of Server-Side Security |
| Application API Button Hijacking | CWE-311 Missing Encryption of Sensitive Data |
| | CWE-345 Insufficient Verification of Data Authenticity |
| | CWE-346 Origin Validation Error |
| | CWE-471 Modification of Assumed-Immutable Data (MAID) |
| | CWE-602 Client-Side Enforcement of Server-Side Security |
| Cellular Traffic Intercept | CWE-311 Missing Encryption of Sensitive Data |
| Sniffing Attacks | CWE-311 Missing Encryption of Sensitive Data |
| Lifting Sensitive Data Embedded in Cache | CWE-311 Missing Encryption of Sensitive Data |
| | CWE-524 Use of Cache Containing Sensitive Information |
| | CWE-1239 Improper Zeroization of Hardware Register |
| | CWE-1258 Exposure of Sensitive System Information Due to Uncleared Debug Information |
| Retrieve Embedded Sensitive Data | CWE-226 Sensitive Information in Resource Not Removed Before Reuse |
| | CWE-311 Missing Encryption of Sensitive Data |
| | CWE-312 Cleartext Storage of Sensitive Information |
| | CWE-314 Cleartext Storage in the Registry |
| | CWE-315 Cleartext Storage of Sensitive Information in a Cookie |
| | CWE-318 Cleartext Storage of Sensitive Information in Executable |
| | CWE-525 Use of Web Browser Cache Containing Sensitive Information |
| | CWE-1239 Improper Zeroization of Hardware Register |
| | CWE-1258 Exposure of Sensitive System Information Due to Uncleared Debug Information |
| | CWE-1266 Improper Scrubbing of Sensitive Data from Decommissioned Device |
| | CWE-1272 Sensitive Information Uncleared Before Debug/Power State Transition |
| | CWE-1278 Missing Protection Against Hardware Reverse Engineering Using Integrated Circuit (IC) Imaging Techniques |
| | CWE-1330 Remanent Data Readable after Memory Erase |
| Application API Message Manipulation via Man-in-the-Middle | CWE-311 Missing Encryption of Sensitive Data |
| | CWE-345 Insufficient Verification of Data Authenticity |
| | CWE-346 Origin Validation Error |
| | CWE-471 Modification of Assumed-Immutable Data (MAID) |
| | CWE-602 Client-Side Enforcement of Server-Side Security |
| Navigation Remapping To Propagate Malicious Content | CWE-311 Missing Encryption of Sensitive Data |
| | CWE-345 Insufficient Verification of Data Authenticity |
| | CWE-346 Origin Validation Error |
| | CWE-471 Modification of Assumed-Immutable Data (MAID) |
| | CWE-602 Client-Side Enforcement of Server-Side Security |
| Signature Spoofing by Mixing Signed and Unsigned Content | CWE-311 Missing Encryption of Sensitive Data |
| | CWE-319 Cleartext Transmission of Sensitive Information |
| | CWE-693 Protection Mechanism Failure |