CAPEC Related Weakness
Accessing/Intercepting/Modifying HTTP Cookies
CWE-20Improper Input Validation
CWE-113Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')
CWE-302Authentication Bypass by Assumed-Immutable Data
CWE-311Missing Encryption of Sensitive Data
CWE-315Cleartext Storage of Sensitive Information in a Cookie
CWE-384Session Fixation
CWE-472External Control of Assumed-Immutable Web Parameter
CWE-539Information Exposure Through Persistent Cookies
CWE-565Reliance on Cookies without Validation and Integrity Checking
CWE-602Client-Side Enforcement of Server-Side Security
CWE-642External Control of Critical State Data
CWE-724OWASP Top Ten 2004 Category A3 - Broken Authentication and Session Management
Lifting Data Embedded in Client Distributions
CWE-311Missing Encryption of Sensitive Data
CWE-312Cleartext Storage of Sensitive Information
CWE-314Cleartext Storage in the Registry
CWE-315Cleartext Storage of Sensitive Information in a Cookie
CWE-318Cleartext Storage of Sensitive Information in Executable
CWE-525Information Exposure Through Browser Caching
Manipulating Opaque Client-based Data Tokens
CWE-233Improper Handling of Parameters
CWE-285Improper Authorization
CWE-302Authentication Bypass by Assumed-Immutable Data
CWE-315Cleartext Storage of Sensitive Information in a Cookie
CWE-353Missing Support for Integrity Check
CWE-384Session Fixation
CWE-472External Control of Assumed-Immutable Web Parameter
CWE-539Information Exposure Through Persistent Cookies
CWE-565Reliance on Cookies without Validation and Integrity Checking
Manipulating User State
CWE-315Cleartext Storage of Sensitive Information in a Cookie
CWE-353Missing Support for Integrity Check
CWE-371State Issues
CWE-372Incomplete Internal State Distinction
CWE-693Protection Mechanism Failure
Back to Top