CAPEC Related Weakness
Sniffing Attacks
CWE-311 Missing Encryption of Sensitive Data
Sniffing Network Traffic
CWE-311 Missing Encryption of Sensitive Data
Lifting Sensitive Data Embedded in Cache
CWE-311 Missing Encryption of Sensitive Data
CWE-524 Use of Cache Containing Sensitive Information
Accessing/Intercepting/Modifying HTTP Cookies
CWE-20 Improper Input Validation
CWE-113 Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')
CWE-302 Authentication Bypass by Assumed-Immutable Data
CWE-311 Missing Encryption of Sensitive Data
CWE-315 Cleartext Storage of Sensitive Information in a Cookie
CWE-384 Session Fixation
CWE-472 External Control of Assumed-Immutable Web Parameter
CWE-539 Use of Persistent Cookies Containing Sensitive Information
CWE-565 Reliance on Cookies without Validation and Integrity Checking
CWE-602 Client-Side Enforcement of Server-Side Security
CWE-642 External Control of Critical State Data
CWE-724 OWASP Top Ten 2004 Category A3 - Broken Authentication and Session Management
Retrieve Embedded Sensitive Data
CWE-311 Missing Encryption of Sensitive Data
CWE-312 Cleartext Storage of Sensitive Information
CWE-314 Cleartext Storage in the Registry
CWE-315 Cleartext Storage of Sensitive Information in a Cookie
CWE-318 Cleartext Storage of Sensitive Information in Executable
CWE-525 Use of Web Browser Cache Containing Sensitive Information
Harvesting Information via API Event Monitoring
CWE-311 Missing Encryption of Sensitive Data
CWE-319 Cleartext Transmission of Sensitive Information
CWE-419 Unprotected Primary Channel
CWE-602 Client-Side Enforcement of Server-Side Security
Application API Message Manipulation via Man-in-the-Middle
CWE-311 Missing Encryption of Sensitive Data
CWE-345 Insufficient Verification of Data Authenticity
CWE-346 Origin Validation Error
CWE-471 Modification of Assumed-Immutable Data (MAID)
CWE-602 Client-Side Enforcement of Server-Side Security
Transaction or Event Tampering via Application API Manipulation
CWE-311 Missing Encryption of Sensitive Data
CWE-345 Insufficient Verification of Data Authenticity
CWE-346 Origin Validation Error
CWE-471 Modification of Assumed-Immutable Data (MAID)
CWE-602 Client-Side Enforcement of Server-Side Security
Application API Navigation Remapping
CWE-311 Missing Encryption of Sensitive Data
CWE-345 Insufficient Verification of Data Authenticity
CWE-346 Origin Validation Error
CWE-471 Modification of Assumed-Immutable Data (MAID)
CWE-602 Client-Side Enforcement of Server-Side Security
Navigation Remapping To Propagate Malicious Content
CWE-311 Missing Encryption of Sensitive Data
CWE-345 Insufficient Verification of Data Authenticity
CWE-346 Origin Validation Error
CWE-471 Modification of Assumed-Immutable Data (MAID)
CWE-602 Client-Side Enforcement of Server-Side Security
Application API Button Hijacking
CWE-311 Missing Encryption of Sensitive Data
CWE-345 Insufficient Verification of Data Authenticity
CWE-346 Origin Validation Error
CWE-471 Modification of Assumed-Immutable Data (MAID)
CWE-602 Client-Side Enforcement of Server-Side Security
Signature Spoofing by Mixing Signed and Unsigned Content
CWE-311 Missing Encryption of Sensitive Data
CWE-319 Cleartext Transmission of Sensitive Information
CWE-693 Protection Mechanism Failure
Sniff Application Code
CWE-311 Missing Encryption of Sensitive Data
CWE-318 Cleartext Storage of Sensitive Information in Executable
CWE-319 Cleartext Transmission of Sensitive Information
CWE-693 Protection Mechanism Failure
CWE-719 OWASP Top Ten 2007 Category A8 - Insecure Cryptographic Storage
Cellular Traffic Intercept
CWE-311 Missing Encryption of Sensitive Data