CAPEC Related Weakness
Session Sidejacking
CWE-294Authentication Bypass by Capture-replay
CWE-319Cleartext Transmission of Sensitive Information
CWE-522Insufficiently Protected Credentials
CWE-523Unprotected Transport of Credentials
CWE-614Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
Reusing Session IDs (aka Session Replay)
CWE-200Information Exposure
CWE-285Improper Authorization
CWE-290Authentication Bypass by Spoofing
CWE-294Authentication Bypass by Capture-replay
CWE-346Origin Validation Error
CWE-384Session Fixation
CWE-488Exposure of Data Element to Wrong Session
CWE-539Information Exposure Through Persistent Cookies
CWE-664Improper Control of a Resource Through its Lifetime
CWE-732Incorrect Permission Assignment for Critical Resource
Man in the Middle Attack
CWE-287Improper Authentication
CWE-290Authentication Bypass by Spoofing
CWE-294Authentication Bypass by Capture-replay
CWE-300Channel Accessible by Non-Endpoint ('Man-in-the-Middle')
CWE-593Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created
CWE-724OWASP Top Ten 2004 Category A3 - Broken Authentication and Session Management
Back to Top