Weakness browsing - CVE-Search

CAPEC

Related Weakness

Man in the Middle Attack

CWE-287	Improper Authentication
CWE-290	Authentication Bypass by Spoofing
CWE-294	Authentication Bypass by Capture-replay
CWE-300	Channel Accessible by Non-Endpoint
CWE-593	Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created
CWE-724	OWASP Top Ten 2004 Category A3 - Broken Authentication and Session Management

Session Sidejacking

CWE-294	Authentication Bypass by Capture-replay
CWE-319	Cleartext Transmission of Sensitive Information
CWE-522	Insufficiently Protected Credentials
CWE-523	Unprotected Transport of Credentials
CWE-614	Sensitive Cookie in HTTPS Session Without 'Secure' Attribute

Reusing Session IDs (aka Session Replay)

CWE-200	Exposure of Sensitive Information to an Unauthorized Actor
CWE-285	Improper Authorization
CWE-290	Authentication Bypass by Spoofing
CWE-294	Authentication Bypass by Capture-replay
CWE-346	Origin Validation Error
CWE-384	Session Fixation
CWE-488	Exposure of Data Element to Wrong Session
CWE-539	Use of Persistent Cookies Containing Sensitive Information
CWE-664	Improper Control of a Resource Through its Lifetime
CWE-732	Incorrect Permission Assignment for Critical Resource

Back to Top