CAPEC attack pattern, followed by its related weaknesses (CWE)
Sniff Application Code
CWE-311 Missing Encryption of Sensitive Data
CWE-318 Cleartext Storage of Sensitive Information in Executable
CWE-319 Cleartext Transmission of Sensitive Information
CWE-693 Protection Mechanism Failure
CWE-719 OWASP Top Ten 2007 Category A8 - Insecure Cryptographic Storage
Escaping Virtualization
CWE-693 Protection Mechanism Failure
Exploiting Trust in Client
CWE-20 Improper Input Validation
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
CWE-287 Improper Authentication
CWE-290 Authentication Bypass by Spoofing
CWE-693 Protection Mechanism Failure
Escaping a Sandbox by Calling Code in Another Language
CWE-693 Protection Mechanism Failure
Using Unpublished Interfaces
CWE-306 Missing Authentication for Critical Function
CWE-693 Protection Mechanism Failure
CWE-695 Use of Low-Level Functionality
CWE-1242 Inclusion of Undocumented Features or Chicken Bits
Session Credential Falsification through Prediction
CWE-6 J2EE Misconfiguration: Insufficient Session-ID Length
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
CWE-285 Improper Authorization
CWE-290 Authentication Bypass by Spoofing
CWE-330 Use of Insufficiently Random Values
CWE-331 Insufficient Entropy
CWE-346 Origin Validation Error
CWE-384 Session Fixation
CWE-488 Exposure of Data Element to Wrong Session
CWE-539 Use of Persistent Cookies Containing Sensitive Information
CWE-693 Protection Mechanism Failure
CWE-719 OWASP Top Ten 2007 Category A8 - Insecure Cryptographic Storage
Using Malicious Files
CWE-59 Improper Link Resolution Before File Access ('Link Following')
CWE-264 Permissions, Privileges, and Access Controls
CWE-270 Privilege Context Switching Error
CWE-272 Least Privilege Violation
CWE-275 Permission Issues
CWE-282 Improper Ownership Management
CWE-285 Improper Authorization
CWE-693 Protection Mechanism Failure
CWE-732 Incorrect Permission Assignment for Critical Resource
Manipulating State
CWE-315 Cleartext Storage of Sensitive Information in a Cookie
CWE-353 Missing Support for Integrity Check
CWE-371 State Issues
CWE-372 Incomplete Internal State Distinction
CWE-693 Protection Mechanism Failure
CWE-1245 Improper Finite State Machines (FSMs) in Hardware Logic
CWE-1265 Unintended Reentrant Invocation of Non-reentrant Code Via Nested Calls
CWE-1271 Uninitialized Value on Reset for Registers Holding Security Settings
Forceful Browsing
CWE-285 Improper Authorization
CWE-425 Direct Request ('Forced Browsing')
CWE-693 Protection Mechanism Failure
Accessing Functionality Not Properly Constrained by ACLs
CWE-276 Incorrect Default Permissions
CWE-285 Improper Authorization
CWE-434 Unrestricted Upload of File with Dangerous Type
CWE-693 Protection Mechanism Failure
CWE-721 OWASP Top Ten 2007 Category A10 - Failure to Restrict URL Access
CWE-732 Incorrect Permission Assignment for Critical Resource
CWE-1191 Exposed Chip Debug and Test Interface With Insufficient or Missing Authorization
CWE-1193 Power-On of Untrusted Execution Core Before Enabling Fabric Access Control
CWE-1220 Insufficient Granularity of Access Control
CWE-1224 Improper Restriction of Write-Once Bit Fields
CWE-1244 Improper Access to Sensitive Information Using Debug and Test Interfaces
CWE-1252 CPU Hardware Not Configured to Support Exclusivity of Write and Execute Operations
CWE-1257 Improper Access Control Applied to Mirrored or Aliased Memory Regions
CWE-1262 Register Interface Allows Software Access to Sensitive Data or Security Settings
CWE-1268 Policy Privileges are not Assigned Consistently Between Control and Data Agents
CWE-1283 Mutable Attestation or Measurement Reporting Data
CWE-1311 Improper Translation of Security Attributes by Fabric Bridge
CWE-1312 Missing Protection for Mirrored Regions in On-Chip Fabric Firewall
CWE-1313 Hardware Allows Activation of Test or Debug Logic at Runtime
CWE-1314 Missing Write Protection for Parametric Data Values
CWE-1315 Improper Setting of Bus Controlling Capability in Fabric End-point
CWE-1318 Missing Support for Security Features in On-chip Fabrics or Buses
CWE-1320 Improper Protection for Out of Bounds Signal Level Alerts
CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CWE-1326 Missing Immutable Root of Trust in Hardware
CWE-1327 Binding to an Unrestricted IP Address
Cross Site Tracing
CWE-648 Incorrect Use of Privileged APIs
CWE-693 Protection Mechanism Failure
Directory Indexing
CWE-276 Incorrect Default Permissions
CWE-285 Improper Authorization
CWE-288 Authentication Bypass Using an Alternate Path or Channel
CWE-424 Improper Protection of Alternate Path
CWE-425 Direct Request ('Forced Browsing')
CWE-693 Protection Mechanism Failure
CWE-721 OWASP Top Ten 2007 Category A10 - Failure to Restrict URL Access
CWE-732 Incorrect Permission Assignment for Critical Resource
Encryption Brute Forcing
CWE-326 Inadequate Encryption Strength
CWE-327 Use of a Broken or Risky Cryptographic Algorithm
CWE-693 Protection Mechanism Failure
CWE-719 OWASP Top Ten 2007 Category A8 - Insecure Cryptographic Storage
Signature Spoofing by Mixing Signed and Unsigned Content
CWE-311 Missing Encryption of Sensitive Data
CWE-319 Cleartext Transmission of Sensitive Information
CWE-693 Protection Mechanism Failure
Poison Web Service Registry
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-285 Improper Authorization
CWE-693 Protection Mechanism Failure
Utilizing REST's Trust in the System Resource to Obtain Sensitive Data
CWE-287 Improper Authentication
CWE-300 Channel Accessible by Non-Endpoint
CWE-693 Protection Mechanism Failure
CWE-724 OWASP Top Ten 2004 Category A3 - Broken Authentication and Session Management