CAPEC Related Weakness
Exploitation of Trusted Credentials
CWE-6J2EE Misconfiguration: Insufficient Session-ID Length
CWE-290Authentication Bypass by Spoofing
CWE-302Authentication Bypass by Assumed-Immutable Data
CWE-346Origin Validation Error
CWE-384Session Fixation
CWE-539Use of Persistent Cookies Containing Sensitive Information
CWE-602Client-Side Enforcement of Server-Side Security
CWE-642External Control of Critical State Data
CWE-664Improper Control of a Resource Through its Lifetime
Exploiting Trust in Client
CWE-20Improper Input Validation
CWE-200Exposure of Sensitive Information to an Unauthorized Actor
CWE-287Improper Authentication
CWE-290Authentication Bypass by Spoofing
CWE-693Protection Mechanism Failure
Creating a Rogue Certification Authority Certificate
CWE-290Authentication Bypass by Spoofing
CWE-295Improper Certificate Validation
CWE-327Use of a Broken or Risky Cryptographic Algorithm
Web Services API Signature Forgery Leveraging Hash Function Extension Weakness
CWE-290Authentication Bypass by Spoofing
CWE-328Reversible One-Way Hash
Signature Spoof
CWE-20Improper Input Validation
CWE-290Authentication Bypass by Spoofing
CWE-327Use of a Broken or Risky Cryptographic Algorithm
Signature Spoofing by Misrepresentation
CWE-290Authentication Bypass by Spoofing
Session Credential Falsification through Prediction
CWE-6J2EE Misconfiguration: Insufficient Session-ID Length
CWE-200Exposure of Sensitive Information to an Unauthorized Actor
CWE-285Improper Authorization
CWE-290Authentication Bypass by Spoofing
CWE-330Use of Insufficiently Random Values
CWE-331Insufficient Entropy
CWE-346Origin Validation Error
CWE-384Session Fixation
CWE-488Exposure of Data Element to Wrong Session
CWE-539Use of Persistent Cookies Containing Sensitive Information
CWE-693Protection Mechanism Failure
CWE-719OWASP Top Ten 2007 Category A8 - Insecure Cryptographic Storage
Reusing Session IDs (aka Session Replay)
CWE-200Exposure of Sensitive Information to an Unauthorized Actor
CWE-285Improper Authorization
CWE-290Authentication Bypass by Spoofing
CWE-294Authentication Bypass by Capture-replay
CWE-346Origin Validation Error
CWE-384Session Fixation
CWE-488Exposure of Data Element to Wrong Session
CWE-539Use of Persistent Cookies Containing Sensitive Information
CWE-664Improper Control of a Resource Through its Lifetime
CWE-732Incorrect Permission Assignment for Critical Resource
Man in the Middle Attack
CWE-287Improper Authentication
CWE-290Authentication Bypass by Spoofing
CWE-294Authentication Bypass by Capture-replay
CWE-300Channel Accessible by Non-Endpoint
CWE-593Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created
CWE-724OWASP Top Ten 2004 Category A3 - Broken Authentication and Session Management
Back to Top