| CAPEC | Related Weakness |
| Man in the Middle Attack |
| CWE-287 | Improper Authentication |
| CWE-290 | Authentication Bypass by Spoofing |
| CWE-294 | Authentication Bypass by Capture-replay |
| CWE-300 | Channel Accessible by Non-Endpoint |
| CWE-593 | Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created |
| CWE-724 | OWASP Top Ten 2004 Category A3 - Broken Authentication and Session Management |
|
| Utilizing REST's Trust in the System Resource to Obtain Sensitive Data |
| CWE-287 | Improper Authentication |
| CWE-300 | Channel Accessible by Non-Endpoint |
| CWE-693 | Protection Mechanism Failure |
| CWE-724 | OWASP Top Ten 2004 Category A3 - Broken Authentication and Session Management |
|
| Session Hijacking |
|
| Fake the Source of Data |
|
| Authentication Abuse |
|
| Identity Spoofing |
|
| Token Impersonation |
|
| Authentication Bypass |
|
| Exploiting Trust in Client |
| CWE-20 | Improper Input Validation |
| CWE-200 | Exposure of Sensitive Information to an Unauthorized Actor |
| CWE-287 | Improper Authentication |
| CWE-290 | Authentication Bypass by Spoofing |
| CWE-693 | Protection Mechanism Failure |
|
| Upload a Web Shell to a Web Server |
| CWE-287 | Improper Authentication |
| CWE-553 | Command Shell in Externally Accessible Directory |
|
