CAPEC Related Weakness
Interception
CWE-311 Missing Encryption of Sensitive Data
Screen Temporary Files for Sensitive Information
CWE-311 Missing Encryption of Sensitive Data
Sniffing Attacks
CWE-311 Missing Encryption of Sensitive Data
Sniffing Network Traffic
CWE-311 Missing Encryption of Sensitive Data
Lifting Sensitive Data from the Client
CWE-311 Missing Encryption of Sensitive Data
CWE-642 External Control of Critical State Data
Footprinting
CWE-200 Information Exposure
CWE-202 Exposure of Sensitive Data Through Data Queries
CWE-276 Incorrect Default Permissions
CWE-311 Missing Encryption of Sensitive Data
CWE-312 Cleartext Storage of Sensitive Information
CWE-319 Cleartext Transmission of Sensitive Information
CWE-497 Exposure of System Data to an Unauthorized Control Sphere
CWE-538 File and Directory Information Exposure
Lifting cached, sensitive data embedded in client distributions (thick or thin)
CWE-311 Missing Encryption of Sensitive Data
Passively Sniffing and Capturing Application Code Bound for an Authorized Client During Dynamic Update
CWE-311 Missing Encryption of Sensitive Data
Passively Sniffing and Capturing Application Code Bound for an Authorized Client During Patching
CWE-311 Missing Encryption of Sensitive Data
Passively Sniffing and Capturing Application Code Bound for an Authorized Client During Initial Distribution
CWE-311 Missing Encryption of Sensitive Data
Accessing/Intercepting/Modifying HTTP Cookies
CWE-20 Improper Input Validation
CWE-113 Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')
CWE-302 Authentication Bypass by Assumed-Immutable Data
CWE-311 Missing Encryption of Sensitive Data
CWE-315 Cleartext Storage of Sensitive Information in a Cookie
CWE-384
CWE-472 External Control of Assumed-Immutable Web Parameter
CWE-539 Information Exposure Through Persistent Cookies
CWE-565 Reliance on Cookies without Validation and Integrity Checking
CWE-602 Client-Side Enforcement of Server-Side Security
CWE-642 External Control of Critical State Data
CWE-724
Lifting Data Embedded in Client Distributions
CWE-311 Missing Encryption of Sensitive Data
CWE-312 Cleartext Storage of Sensitive Information
CWE-314 Cleartext Storage in the Registry
CWE-315 Cleartext Storage of Sensitive Information in a Cookie
CWE-318 Cleartext Storage of Sensitive Information in Executable
CWE-525 Information Exposure Through Browser Caching
Harvesting Usernames or UserIDs via Application API Event Monitoring
CWE-311 Missing Encryption of Sensitive Data
CWE-319 Cleartext Transmission of Sensitive Information
CWE-419 Unprotected Primary Channel
CWE-602 Client-Side Enforcement of Server-Side Security
Application API Message Manipulation via Man-in-the-Middle
CWE-311 Missing Encryption of Sensitive Data
CWE-345 Insufficient Verification of Data Authenticity
CWE-346 Origin Validation Error
CWE-471 Modification of Assumed-Immutable Data (MAID)
CWE-602 Client-Side Enforcement of Server-Side Security
Transaction or Event Tampering via Application API Manipulation
CWE-311 Missing Encryption of Sensitive Data
CWE-345 Insufficient Verification of Data Authenticity
CWE-346 Origin Validation Error
CWE-471 Modification of Assumed-Immutable Data (MAID)
CWE-602 Client-Side Enforcement of Server-Side Security
Application API Navigation Remapping
CWE-311 Missing Encryption of Sensitive Data
CWE-345 Insufficient Verification of Data Authenticity
CWE-346 Origin Validation Error
CWE-471 Modification of Assumed-Immutable Data (MAID)
CWE-602 Client-Side Enforcement of Server-Side Security
Navigation Remapping To Propagate Malicious Content
CWE-311 Missing Encryption of Sensitive Data
CWE-345 Insufficient Verification of Data Authenticity
CWE-346 Origin Validation Error
CWE-471 Modification of Assumed-Immutable Data (MAID)
CWE-602 Client-Side Enforcement of Server-Side Security
Application API Button Hijacking
CWE-311 Missing Encryption of Sensitive Data
CWE-345 Insufficient Verification of Data Authenticity
CWE-346 Origin Validation Error
CWE-471 Modification of Assumed-Immutable Data (MAID)
CWE-602 Client-Side Enforcement of Server-Side Security
Content Spoofing Via Application API Manipulation
CWE-311 Missing Encryption of Sensitive Data
CWE-345 Insufficient Verification of Data Authenticity
CWE-346 Origin Validation Error
CWE-602 Client-Side Enforcement of Server-Side Security
Signature Spoofing by Mixing Signed and Unsigned Content
CWE-311 Missing Encryption of Sensitive Data
CWE-319 Cleartext Transmission of Sensitive Information
CWE-693 Protection Mechanism Failure
Passively Sniff and Capture Application Code Bound for Authorized Client
CWE-311 Missing Encryption of Sensitive Data
CWE-318 Cleartext Storage of Sensitive Information in Executable
CWE-319 Cleartext Transmission of Sensitive Information
CWE-693 Protection Mechanism Failure
CWE-719