CAPEC Related Weakness
Accessing Functionality Not Properly Constrained by ACLs
CWE-276: Incorrect Default Permissions
CWE-285: Improper Authorization
CWE-434: Unrestricted Upload of File with Dangerous Type
CWE-693: Protection Mechanism Failure
CWE-721: OWASP Top Ten 2007 Category A10 - Failure to Restrict URL Access
CWE-732: Incorrect Permission Assignment for Critical Resource
Cross Site Tracing
CWE-648: Incorrect Use of Privileged APIs
CWE-693: Protection Mechanism Failure
Directory Indexing
CWE-276: Incorrect Default Permissions
CWE-285: Improper Authorization
CWE-288: Authentication Bypass Using an Alternate Path or Channel
CWE-424: Improper Protection of Alternate Path
CWE-425: Direct Request ('Forced Browsing')
CWE-693: Protection Mechanism Failure
CWE-721: OWASP Top Ten 2007 Category A10 - Failure to Restrict URL Access
CWE-732: Incorrect Permission Assignment for Critical Resource
Dictionary-based Password Attack
CWE-262: Not Using Password Aging
CWE-263: Password Aging with Long Expiration
CWE-521: Weak Password Requirements
CWE-693: Protection Mechanism Failure
Using Malicious Files
CWE-59: Improper Link Resolution Before File Access ('Link Following')
CWE-264: Permissions, Privileges, and Access Controls
CWE-270: Privilege Context Switching Error
CWE-272: Least Privilege Violation
CWE-275: Permission Issues
CWE-282: Improper Ownership Management
CWE-285: Improper Authorization
CWE-693: Protection Mechanism Failure
CWE-732: Incorrect Permission Assignment for Critical Resource
Encryption Brute Forcing
CWE-326: Inadequate Encryption Strength
CWE-327: Use of a Broken or Risky Cryptographic Algorithm
CWE-693: Protection Mechanism Failure
CWE-719: OWASP Top Ten 2007 Category A8 - Insecure Cryptographic Storage
Exploiting Trust in Client
CWE-20: Improper Input Validation
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE-287: Improper Authentication
CWE-290: Authentication Bypass by Spoofing
CWE-693: Protection Mechanism Failure
Escaping a Sandbox by Calling Signed Code in Another Language
CWE-693: Protection Mechanism Failure
Using Unpublished APIs
CWE-306: Missing Authentication for Critical Function
CWE-693: Protection Mechanism Failure
CWE-695: Use of Low-Level Functionality
Signature Spoofing by Mixing Signed and Unsigned Content
CWE-311: Missing Encryption of Sensitive Data
CWE-319: Cleartext Transmission of Sensitive Information
CWE-693: Protection Mechanism Failure
Password Brute Forcing
CWE-257: Storing Passwords in a Recoverable Format
CWE-262: Not Using Password Aging
CWE-263: Password Aging with Long Expiration
CWE-521: Weak Password Requirements
CWE-693: Protection Mechanism Failure
Poison Web Service Registry
CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-285: Improper Authorization
CWE-693: Protection Mechanism Failure
Rainbow Table Password Cracking
CWE-261: Weak Encoding for Password
CWE-262: Not Using Password Aging
CWE-263: Password Aging with Long Expiration
CWE-521: Weak Password Requirements
CWE-693: Protection Mechanism Failure
CWE-719: OWASP Top Ten 2007 Category A8 - Insecure Cryptographic Storage
CWE-916: Use of Password Hash With Insufficient Computational Effort
Utilizing REST's Trust in the System Resource to Obtain Sensitive Data
CWE-287: Improper Authentication
CWE-300: Channel Accessible by Non-Endpoint
CWE-693: Protection Mechanism Failure
CWE-724: OWASP Top Ten 2004 Category A3 - Broken Authentication and Session Management
Session Credential Falsification through Prediction
CWE-6: J2EE Misconfiguration: Insufficient Session-ID Length
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE-285: Improper Authorization
CWE-290: Authentication Bypass by Spoofing
CWE-330: Use of Insufficiently Random Values
CWE-331: Insufficient Entropy
CWE-346: Origin Validation Error
CWE-384: Session Fixation
CWE-488: Exposure of Data Element to Wrong Session
CWE-539: Use of Persistent Cookies Containing Sensitive Information
CWE-693: Protection Mechanism Failure
CWE-719: OWASP Top Ten 2007 Category A8 - Insecure Cryptographic Storage
Sniff Application Code
CWE-311: Missing Encryption of Sensitive Data
CWE-318: Cleartext Storage of Sensitive Information in Executable
CWE-319: Cleartext Transmission of Sensitive Information
CWE-693: Protection Mechanism Failure
CWE-719: OWASP Top Ten 2007 Category A8 - Insecure Cryptographic Storage
Try Common or Default Usernames and Passwords
CWE-262: Not Using Password Aging
CWE-263: Password Aging with Long Expiration
CWE-521: Weak Password Requirements
CWE-693: Protection Mechanism Failure
CWE-798: Use of Hard-coded Credentials
Manipulating User State
CWE-315: Cleartext Storage of Sensitive Information in a Cookie
CWE-353: Missing Support for Integrity Check
CWE-371: State Issues
CWE-372: Incomplete Internal State Distinction
CWE-693: Protection Mechanism Failure
Forceful Browsing
CWE-285: Improper Authorization
CWE-425: Direct Request ('Forced Browsing')
CWE-693: Protection Mechanism Failure
Escaping Virtualization
CWE-693: Protection Mechanism Failure