CWE-319
AllowedCleartext Transmission of Sensitive Information
Abstraction: Base · Status: Draft
The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.
1147 vulnerabilities reference this CWE, most recent first.
GHSA-VFHW-75MR-PG52
Vulnerability from github – Published: 2022-05-24 16:56 – Updated: 2022-05-24 16:56An issue was discovered in Grafana 5.4.0. Passwords for data sources used by Grafana (e.g., MySQL) are not encrypted. An admin user can reveal passwords for any data source by pressing the "Save and test" button within a data source's settings menu. When watching the transaction with Burp Proxy, the password for the data source is revealed and sent to the server. From a browser, a prompt to save the credentials is generated, and the password can be revealed by simply checking the "Show password" box.
{
"affected": [],
"aliases": [
"CVE-2019-15635"
],
"database_specific": {
"cwe_ids": [
"CWE-319",
"CWE-522"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-09-23T17:15:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in Grafana 5.4.0. Passwords for data sources used by Grafana (e.g., MySQL) are not encrypted. An admin user can reveal passwords for any data source by pressing the \"Save and test\" button within a data source\u0027s settings menu. When watching the transaction with Burp Proxy, the password for the data source is revealed and sent to the server. From a browser, a prompt to save the credentials is generated, and the password can be revealed by simply checking the \"Show password\" box.",
"id": "GHSA-vfhw-75mr-pg52",
"modified": "2022-05-24T16:56:40Z",
"published": "2022-05-24T16:56:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15635"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/167244"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20191009-0002"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-VGJR-HR6J-63H6
Vulnerability from github – Published: 2025-08-21 18:31 – Updated: 2025-08-21 21:32Aikaan IoT management platform v3.25.0325-5-g2e9c59796 sends a newly generated password to users in plaintext via email and also includes the same password as a query parameter in the account activation URL (e.g., https://domain.com/activate=xyz). This practice can result in password exposure via browser history, proxy logs, referrer headers, and email caching. The vulnerability impacts user credential confidentiality during initial onboarding.
{
"affected": [],
"aliases": [
"CVE-2025-52351"
],
"database_specific": {
"cwe_ids": [
"CWE-319"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-21T18:15:34Z",
"severity": "HIGH"
},
"details": "Aikaan IoT management platform v3.25.0325-5-g2e9c59796 sends a newly generated password to users in plaintext via email and also includes the same password as a query parameter in the account activation URL (e.g., https://domain.com/activate=xyz). This practice can result in password exposure via browser history, proxy logs, referrer headers, and email caching. The vulnerability impacts user credential confidentiality during initial onboarding.",
"id": "GHSA-vgjr-hr6j-63h6",
"modified": "2025-08-21T21:32:05Z",
"published": "2025-08-21T18:31:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52351"
},
{
"type": "WEB",
"url": "https://github.com/Shubhangborkar/aikaan-vulnerabilities/blob/main/cve3-activation-link-password.md"
},
{
"type": "WEB",
"url": "https://www.aikaan.io"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VGPJ-CX57-3C5Q
Vulnerability from github – Published: 2022-05-13 01:19 – Updated: 2022-05-13 01:19The QBee MultiSensor Camera through 4.16.4 accepts unencrypted network traffic from clients (such as the QBee Cam application through 1.0.5 for Android and the Swisscom Home application up to 10.7.2 for Android), which results in an attacker being able to reuse cookies to bypass authentication and disable the camera.
{
"affected": [],
"aliases": [
"CVE-2018-16225"
],
"database_specific": {
"cwe_ids": [
"CWE-319"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-09-18T21:29:00Z",
"severity": "MODERATE"
},
"details": "The QBee MultiSensor Camera through 4.16.4 accepts unencrypted network traffic from clients (such as the QBee Cam application through 1.0.5 for Android and the Swisscom Home application up to 10.7.2 for Android), which results in an attacker being able to reuse cookies to bypass authentication and disable the camera.",
"id": "GHSA-vgpj-cx57-3c5q",
"modified": "2022-05-13T01:19:14Z",
"published": "2022-05-13T01:19:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16225"
},
{
"type": "WEB",
"url": "https://blog.francescoservida.ch/2018/09/16/cve-2018-16225-public-disclosure-qbee-camera-vulnerability"
},
{
"type": "WEB",
"url": "https://seclists.org/fulldisclosure/2018/Sep/21"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VH5X-66R7-4VXW
Vulnerability from github – Published: 2026-01-16 03:30 – Updated: 2026-01-16 03:30The Process Optimization application suite leverages connection channels/protocols that by-default are not encrypted and could become subject to hijacking or data leakage in certain man-in-the-middle or passive inspection scenarios.
{
"affected": [],
"aliases": [
"CVE-2025-64769"
],
"database_specific": {
"cwe_ids": [
"CWE-319"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-16T02:16:45Z",
"severity": "HIGH"
},
"details": "The Process Optimization application suite leverages connection \nchannels/protocols that by-default are not encrypted and could become \nsubject to hijacking or data leakage in certain man-in-the-middle or \npassive inspection scenarios.",
"id": "GHSA-vh5x-66r7-4vxw",
"modified": "2026-01-16T03:30:21Z",
"published": "2026-01-16T03:30:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64769"
},
{
"type": "WEB",
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-015-01.json"
},
{
"type": "WEB",
"url": "https://softwaresupportsp.aveva.com/en-US/downloads/products/details/a643eaa3-0d85-4fde-ac11-5239e87a68ea"
},
{
"type": "WEB",
"url": "https://www.aveva.com/en/support-and-success/cyber-security-updates"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-015-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-VH96-P962-544H
Vulnerability from github – Published: 2026-01-23 06:31 – Updated: 2026-01-23 06:31Open WebUI Cleartext Transmission of Credentials Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Open WebUI. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the handling of credentials provided to the endpoint. The issue results from transmitting sensitive information in plaintext. An attacker can leverage this vulnerability to disclose transmitted credentials, leading to further compromise. Was ZDI-CAN-28259.
{
"affected": [],
"aliases": [
"CVE-2026-0767"
],
"database_specific": {
"cwe_ids": [
"CWE-319"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-23T04:16:03Z",
"severity": "MODERATE"
},
"details": "Open WebUI Cleartext Transmission of Credentials Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Open WebUI. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the handling of credentials provided to the endpoint. The issue results from transmitting sensitive information in plaintext. An attacker can leverage this vulnerability to disclose transmitted credentials, leading to further compromise. Was ZDI-CAN-28259.",
"id": "GHSA-vh96-p962-544h",
"modified": "2026-01-23T06:31:24Z",
"published": "2026-01-23T06:31:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0767"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-26-033"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-VH9M-F92J-VQ8W
Vulnerability from github – Published: 2022-05-24 19:19 – Updated: 2022-05-24 19:19Delta Electronics DIALink versions 1.2.4.0 and prior runs by default on HTTP, which may allow an attacker to be positioned between the traffic and perform a machine-in-the-middle attack to access information without authorization.
{
"affected": [],
"aliases": [
"CVE-2021-38418"
],
"database_specific": {
"cwe_ids": [
"CWE-319"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-11-03T20:15:00Z",
"severity": "MODERATE"
},
"details": "Delta Electronics DIALink versions 1.2.4.0 and prior runs by default on HTTP, which may allow an attacker to be positioned between the traffic and perform a machine-in-the-middle attack to access information without authorization.",
"id": "GHSA-vh9m-f92j-vq8w",
"modified": "2022-05-24T19:19:31Z",
"published": "2022-05-24T19:19:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38418"
},
{
"type": "WEB",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-294-02"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-VM4P-CGRM-3HVM
Vulnerability from github – Published: 2023-10-22 03:30 – Updated: 2024-04-04 08:52IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 exposes sensitive information in environment variables which could aid in further attacks against the system. IBM X-Force ID: 260736.
{
"affected": [],
"aliases": [
"CVE-2023-38276"
],
"database_specific": {
"cwe_ids": [
"CWE-319"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-10-22T02:15:07Z",
"severity": "HIGH"
},
"details": "IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 exposes sensitive information in environment variables which could aid in further attacks against the system. IBM X-Force ID: 260736.",
"id": "GHSA-vm4p-cgrm-3hvm",
"modified": "2024-04-04T08:52:40Z",
"published": "2023-10-22T03:30:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38276"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/260736"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/7031207"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-VMQV-J6XW-8VH4
Vulnerability from github – Published: 2022-05-24 17:49 – Updated: 2022-05-24 17:49GAEN (aka Google/Apple Exposure Notifications) through 2021-04-27 on Android allows attackers to obtain sensitive information, such as a user's location history, in-person social graph, and (sometimes) COVID-19 infection status, because Rolling Proximity Identifiers and MAC addresses are written to the Android system log, and many Android devices have applications (preinstalled by the hardware manufacturer or network operator) that read system log data and send it to third parties. NOTE: a news outlet (The Markup) states that they received a vendor response indicating that fix deployment "began several weeks ago and will be complete in the coming days."
{
"affected": [],
"aliases": [
"CVE-2021-31815"
],
"database_specific": {
"cwe_ids": [
"CWE-319"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-04-28T02:15:00Z",
"severity": "LOW"
},
"details": "GAEN (aka Google/Apple Exposure Notifications) through 2021-04-27 on Android allows attackers to obtain sensitive information, such as a user\u0027s location history, in-person social graph, and (sometimes) COVID-19 infection status, because Rolling Proximity Identifiers and MAC addresses are written to the Android system log, and many Android devices have applications (preinstalled by the hardware manufacturer or network operator) that read system log data and send it to third parties. NOTE: a news outlet (The Markup) states that they received a vendor response indicating that fix deployment \"began several weeks ago and will be complete in the coming days.\"",
"id": "GHSA-vmqv-j6xw-8vh4",
"modified": "2022-05-24T17:49:00Z",
"published": "2022-05-24T17:49:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31815"
},
{
"type": "WEB",
"url": "https://blog.appcensus.io/2021/04/27/why-google-should-stop-logging-contact-tracing-data"
},
{
"type": "WEB",
"url": "https://themarkup.org/privacy/2021/04/27/google-promised-its-contact-tracing-app-was-completely-private-but-it-wasnt"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-VQ3F-HC79-R4PC
Vulnerability from github – Published: 2021-12-31 00:00 – Updated: 2022-01-08 00:00Trendnet AC2600 TEW-827DRU version 2.08B01 contains an security flaw in the web interface. HTTPS is not enabled on the device by default. This results in cleartext transmission of sensitive information such as passwords.
{
"affected": [],
"aliases": [
"CVE-2021-20154"
],
"database_specific": {
"cwe_ids": [
"CWE-319"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-12-30T22:15:00Z",
"severity": "HIGH"
},
"details": "Trendnet AC2600 TEW-827DRU version 2.08B01 contains an security flaw in the web interface. HTTPS is not enabled on the device by default. This results in cleartext transmission of sensitive information such as passwords.",
"id": "GHSA-vq3f-hc79-r4pc",
"modified": "2022-01-08T00:00:37Z",
"published": "2021-12-31T00:00:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20154"
},
{
"type": "WEB",
"url": "https://www.tenable.com/security/research/tra-2021-54"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-VRPH-M5JJ-C46C
Vulnerability from github – Published: 2026-03-03 14:50 – Updated: 2026-03-03 14:50Impact
This vulnerability only affects customers using Weave CNI (Container Network Interface) when configured through RKE templates.
A flaw was discovered in Rancher versions from 2.5.0 up to and including 2.5.13 and from 2.6.0 up to and including 2.6.4, where a UI (user interface) issue with RKE templates does not include a value for the Weave password when Weave is chosen as the CNI.
If a cluster is created based on the mentioned template and Weave is configured as the CNI, no password will be created for network encryption in Weave, therefore network traffic in the cluster will be sent unencrypted.
This issue does not happen when a cluster, with Weave configured as CNI, is created without using an RKE template.
The impact of this vulnerability is higher when nodes on the cluster are on different locations and communicate with one another through the Internet, where monitoring (sniffing) of the network traffic by third-party entities can be more easily achieved.
Patches
Patched versions include releases 2.5.14, 2.6.5 and later versions of Rancher. Besides upgrading to a Rancher patched version, the workarounds listed below must be applied in order for Weave to properly encrypt the network traffic.
Workarounds
- A manual password can be set in Weave by directly editing Weave's DaemonSet on the affected cluster to add the
WEAVE_PASSWORDenvironment variable together with the a value for the password.
$ kubectl -n kube-system edit ds weave-net
<snipped>
containers:
- command:
- /home/weave/launch.sh
env:
- name: INIT_CONTAINER
value: "true"
- name: HOSTNAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: spec.nodeName
- name: IPALLOC_RANGE
value: <IP allocation range>
- name: WEAVE_PASSWORD
value: "insert strong secret password here"
image: <Weave image>
<snipped>
- A new RKE template revision must be created in order to properly generate the Weave password on new clusters.
Notes
-
In order to provide protection against brute-force attacks, that might break the network encryption, a strong password must be generated for the workaround. Weave's documentation provides recommendations for generating a strong password.
-
Manually generating the password for the workaround is only needed on affected versions of Rancher. This step is not needed when creating new RKE templates on patched versions of Rancher.
For more information
If you have any questions or comments about this advisory:
- Reach out to SUSE Rancher Security team for security related inquiries.
- Open an issue in Rancher repository.
- Verify SUSE Rancher support matrix and product support lifecycle.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 2.6.4"
},
"package": {
"ecosystem": "Go",
"name": "github.com/rancher/rancher"
},
"ranges": [
{
"events": [
{
"introduced": "2.6.0"
},
{
"fixed": "2.6.5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 2.5.13"
},
"package": {
"ecosystem": "Go",
"name": "github.com/rancher/rancher"
},
"ranges": [
{
"events": [
{
"introduced": "2.5.0"
},
{
"fixed": "2.5.14"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-21951"
],
"database_specific": {
"cwe_ids": [
"CWE-311",
"CWE-319"
],
"github_reviewed": true,
"github_reviewed_at": "2026-03-03T14:50:33Z",
"nvd_published_at": "2022-05-25T09:15:08Z",
"severity": "MODERATE"
},
"details": "### Impact\n\nThis vulnerability only affects customers using [Weave](https://rancher.com/docs/rancher/v2.6/en/faq/networking/cni-providers/#weave) CNI (Container Network Interface) when configured through [RKE templates](https://rancher.com/docs/rancher/v2.6/en/admin-settings/rke-templates/).\n\nA flaw was discovered in Rancher versions from 2.5.0 up to and including 2.5.13 and from 2.6.0 up to and including 2.6.4, where a UI (user interface) issue with RKE templates does not include a value for the Weave password when Weave is chosen as the CNI.\n\nIf a cluster is created based on the mentioned template and Weave is configured as the CNI, no password will be created for [network encryption](https://www.weave.works/docs/net/latest/tasks/manage/security-untrusted-networks/) in Weave, therefore network traffic in the cluster will be sent unencrypted.\n\nThis issue does not happen when a cluster, with Weave configured as CNI, is created without using an RKE template.\n\nThe impact of this vulnerability is higher when nodes on the cluster are on different locations and communicate with one another through the Internet, where monitoring (sniffing) of the network traffic by third-party entities can be more easily achieved.\n\n### Patches\n\nPatched versions include releases 2.5.14, 2.6.5 and later versions of Rancher. Besides upgrading to a Rancher patched version, the workarounds listed below must be applied in order for Weave to properly encrypt the network traffic.\n\n### Workarounds\n\n1. A manual password can be set in Weave by directly editing Weave\u0027s DaemonSet on the affected cluster to add the `WEAVE_PASSWORD` environment variable together with the a value for the password.\n\n```shell\n$ kubectl -n kube-system edit ds weave-net\n```\n```yaml\n\u003csnipped\u003e\n containers:\n - command:\n - /home/weave/launch.sh\n env:\n - name: INIT_CONTAINER\n value: \"true\"\n - name: HOSTNAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: spec.nodeName\n - name: IPALLOC_RANGE\n value: \u003cIP allocation range\u003e\n - name: WEAVE_PASSWORD\n value: \"insert strong secret password here\"\n image: \u003cWeave image\u003e\n\u003csnipped\u003e\n```\n2. A new [RKE template revision](https://rancher.com/docs/rancher/v2.6/en/admin-settings/rke-templates/creating-and-revising/) must be created in order to properly generate the Weave password on new clusters.\n\n**Notes**\n\n1. In order to provide protection against brute-force attacks, that might break the network encryption, a strong password must be generated for the workaround. Weave\u0027s documentation provides recommendations for generating a [strong password](https://www.weave.works/docs/net/latest/tasks/manage/security-untrusted-networks/).\n\n2. Manually generating the password for the workaround is only needed on affected versions of Rancher. This step is not needed when creating new RKE templates on patched versions of Rancher.\n\n### For more information\n\nIf you have any questions or comments about this advisory:\n\n* Reach out to [SUSE Rancher Security team](https://github.com/rancher/rancher/security/policy) for security related inquiries.\n* Open an issue in [Rancher](https://github.com/rancher/rancher/issues/new/choose) repository.\n* Verify SUSE Rancher [support matrix](https://www.suse.com/suse-rancher/support-matrix/all-supported-versions/) and [product support lifecycle](https://www.suse.com/lifecycle/).",
"id": "GHSA-vrph-m5jj-c46c",
"modified": "2026-03-03T14:50:34Z",
"published": "2026-03-03T14:50:33Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/rancher/rancher/security/advisories/GHSA-vrph-m5jj-c46c"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21951"
},
{
"type": "WEB",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1199443"
},
{
"type": "PACKAGE",
"url": "https://github.com/rancher/rancher"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Rancher\u0027s weave CNI password is not configured when a cluster is created from an RKE template"
}
Mitigation
Before transmitting, encrypt the data using reliable, confidentiality-protecting cryptographic protocols.
Mitigation
When using web applications with SSL, use SSL for the entire session from login to logout, not just for the initial login page.
Mitigation
When designing hardware platforms, ensure that approved encryption algorithms (such as those recommended by NIST) protect paths from security critical data to trusted user applications.
Mitigation
Use tools and techniques that require manual (human) analysis, such as penetration testing, threat modeling, and interactive tools that allow the tester to record and modify an active session. These may be more effective than strictly automated techniques. This is especially the case with weaknesses that are related to design and business rules.
Mitigation
Configure servers to use encrypted channels for communication, which may include SSL or other secure protocols.
CAPEC-102: Session Sidejacking
Session sidejacking takes advantage of an unencrypted communication channel between a victim and target system. The attacker sniffs traffic on a network looking for session tokens in unencrypted traffic. Once a session token is captured, the attacker performs malicious actions by using the stolen token with the targeted application to impersonate the victim. This attack is a specific method of session hijacking, which is exploiting a valid session token to gain unauthorized access to a target system or information. Other methods to perform a session hijacking are session fixation, cross-site scripting, or compromising a user or server machine and stealing the session token.
CAPEC-117: Interception
An adversary monitors data streams to or from the target for information gathering purposes. This attack may be undertaken to solely gather sensitive information or to support a further attack against the target. This attack pattern can involve sniffing network traffic as well as other types of data streams (e.g. radio). The adversary can attempt to initiate the establishment of a data stream or passively observe the communications as they unfold. In all variants of this attack, the adversary is not the intended recipient of the data stream. In contrast to other means of gathering information (e.g., targeting data leaks), the adversary must actively position themself so as to observe explicit data channels (e.g. network traffic) and read the content. However, this attack differs from a Adversary-In-the-Middle (CAPEC-94) attack, as the adversary does not alter the content of the communications nor forward data to the intended recipient.
CAPEC-383: Harvesting Information via API Event Monitoring
An adversary hosts an event within an application framework and then monitors the data exchanged during the course of the event for the purpose of harvesting any important data leaked during the transactions. One example could be harvesting lists of usernames or userIDs for the purpose of sending spam messages to those users. One example of this type of attack involves the adversary creating an event within the sub-application. Assume the adversary hosts a "virtual sale" of rare items. As other users enter the event, the attacker records via AiTM (CAPEC-94) proxy the user_ids and usernames of everyone who attends. The adversary would then be able to spam those users within the application using an automated script.
CAPEC-477: Signature Spoofing by Mixing Signed and Unsigned Content
An attacker exploits the underlying complexity of a data structure that allows for both signed and unsigned content, to cause unsigned data to be processed as though it were signed data.
CAPEC-65: Sniff Application Code
An adversary passively sniffs network communications and captures application code bound for an authorized client. Once obtained, they can use it as-is, or through reverse-engineering glean sensitive information or exploit the trust relationship between the client and server. Such code may belong to a dynamic update to the client, a patch being applied to a client component or any such interaction where the client is authorized to communicate with the server.