CAPEC attack pattern / Related Weakness (CWE)

Accessing Functionality Not Properly Constrained by ACLs
  CWE-276 Incorrect Default Permissions
  CWE-285 Improper Authorization
  CWE-434 Unrestricted Upload of File with Dangerous Type
  CWE-693 Protection Mechanism Failure
  CWE-721
  CWE-732 Incorrect Permission Assignment for Critical Resource

Clickjacking
  CWE-693 Protection Mechanism Failure

Cross Site Tracing
  CWE-648 Incorrect Use of Privileged APIs
  CWE-693 Protection Mechanism Failure

Directory Indexing
  CWE-276 Incorrect Default Permissions
  CWE-285 Improper Authorization
  CWE-288 Authentication Bypass Using an Alternate Path or Channel
  CWE-424 Improper Protection of Alternate Path
  CWE-425 Direct Request ('Forced Browsing')
  CWE-693 Protection Mechanism Failure
  CWE-721
  CWE-732 Incorrect Permission Assignment for Critical Resource

Dictionary-based Password Attack
  CWE-262 Not Using Password Aging
  CWE-263 Password Aging with Long Expiration
  CWE-521 Weak Password Requirements
  CWE-693 Protection Mechanism Failure

Accessing, Modifying or Executing Executable Files
  CWE-59 Improper Link Resolution Before File Access ('Link Following')
  CWE-264
  CWE-270 Privilege Context Switching Error
  CWE-272 Least Privilege Violation
  CWE-275
  CWE-282 Improper Ownership Management
  CWE-285 Improper Authorization
  CWE-693 Protection Mechanism Failure
  CWE-732 Incorrect Permission Assignment for Critical Resource

Encryption Brute Forcing
  CWE-326 Inadequate Encryption Strength
  CWE-327 Use of a Broken or Risky Cryptographic Algorithm
  CWE-693 Protection Mechanism Failure
  CWE-719

Exploiting Trust in Client (aka Make the Client Invisible)
  CWE-20 Improper Input Validation
  CWE-200 Information Exposure
  CWE-287 Improper Authentication
  CWE-290 Authentication Bypass by Spoofing
  CWE-693 Protection Mechanism Failure

Calling Signed Code From Another Language Within A Sandbox Allow This
  CWE-693 Protection Mechanism Failure

Using Unpublished Web Service APIs
  CWE-306 Missing Authentication for Critical Function
  CWE-693 Protection Mechanism Failure
  CWE-695 Use of Low-Level Functionality

Signature Spoofing by Key Theft
  CWE-216 Containment Errors (Container Errors)
  CWE-284 Improper Access Control
  CWE-693 Protection Mechanism Failure

Signature Spoofing by Improper Validation
  CWE-693 Protection Mechanism Failure

Signature Spoofing by Mixing Signed and Unsigned Content
  CWE-311 Missing Encryption of Sensitive Data
  CWE-319 Cleartext Transmission of Sensitive Information
  CWE-693 Protection Mechanism Failure

Password Brute Forcing
  CWE-257 Storing Passwords in a Recoverable Format
  CWE-262 Not Using Password Aging
  CWE-263 Password Aging with Long Expiration
  CWE-521 Weak Password Requirements
  CWE-693 Protection Mechanism Failure

Poison Web Service Registry
  CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
  CWE-285 Improper Authorization
  CWE-693 Protection Mechanism Failure

Rainbow Table Password Cracking
  CWE-261 Weak Cryptography for Passwords
  CWE-262 Not Using Password Aging
  CWE-263 Password Aging with Long Expiration
  CWE-521 Weak Password Requirements
  CWE-693 Protection Mechanism Failure
  CWE-719

Removing/short-circuiting 'guard logic'
  CWE-288 Authentication Bypass Using an Alternate Path or Channel
  CWE-372 Incomplete Internal State Distinction
  CWE-510 Trapdoor
  CWE-693 Protection Mechanism Failure
  CWE-721

Utilizing REST's Trust in the System Resource to Register Man in the Middle
  CWE-287 Improper Authentication
  CWE-300 Channel Accessible by Non-Endpoint ('Man-in-the-Middle')
  CWE-693 Protection Mechanism Failure
  CWE-724

Session Credential Falsification through Prediction
  CWE-6 J2EE Misconfiguration: Insufficient Session-ID Length
  CWE-200 Information Exposure
  CWE-285 Improper Authorization
  CWE-290 Authentication Bypass by Spoofing
  CWE-330 Use of Insufficiently Random Values
  CWE-331 Insufficient Entropy
  CWE-346 Origin Validation Error
  CWE-384
  CWE-488 Exposure of Data Element to Wrong Session
  CWE-539 Information Exposure Through Persistent Cookies
  CWE-693 Protection Mechanism Failure
  CWE-719

Passively Sniff and Capture Application Code Bound for Authorized Client
  CWE-311 Missing Encryption of Sensitive Data
  CWE-318 Cleartext Storage of Sensitive Information in Executable
  CWE-319 Cleartext Transmission of Sensitive Information
  CWE-693 Protection Mechanism Failure
  CWE-719

Try Common (default) Usernames and Passwords
  CWE-262 Not Using Password Aging
  CWE-263 Password Aging with Long Expiration
  CWE-521 Weak Password Requirements
  CWE-693 Protection Mechanism Failure
  CWE-798 Use of Hard-coded Credentials

Manipulating User State
  CWE-315 Cleartext Storage of Sensitive Information in a Cookie
  CWE-353 Missing Support for Integrity Check
  CWE-371
  CWE-372 Incomplete Internal State Distinction
  CWE-693 Protection Mechanism Failure

Forceful Browsing
  CWE-285 Improper Authorization
  CWE-425 Direct Request ('Forced Browsing')
  CWE-693 Protection Mechanism Failure

Cryptanalysis
  CWE-327 Use of a Broken or Risky Cryptographic Algorithm
  CWE-693 Protection Mechanism Failure
  CWE-719