CAPEC Related Weakness
Session Sidejacking
CWE-294Authentication Bypass by Capture-replay
CWE-319Cleartext Transmission of Sensitive Information
CWE-522Insufficiently Protected Credentials
CWE-523Unprotected Transport of Credentials
CWE-614Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
Lifting credential(s)/key material embedded in client distributions (thick or thin)
CWE-259Use of Hard-coded Password
CWE-522Insufficiently Protected Credentials
Password Recovery Exploitation
CWE-522Insufficiently Protected Credentials
CWE-640Weak Password Recovery Mechanism for Forgotten Password
CWE-718
Back to Top