| Attack Pattern | CWE | Weakness Name |
|---|---|---|
| Exploitation of Trusted Identifiers | CWE-6 | J2EE Misconfiguration: Insufficient Session-ID Length |
| Exploitation of Trusted Identifiers | CWE-290 | Authentication Bypass by Spoofing |
| Exploitation of Trusted Identifiers | CWE-302 | Authentication Bypass by Assumed-Immutable Data |
| Exploitation of Trusted Identifiers | CWE-346 | Origin Validation Error |
| Exploitation of Trusted Identifiers | CWE-384 | Session Fixation |
| Exploitation of Trusted Identifiers | CWE-539 | Use of Persistent Cookies Containing Sensitive Information |
| Exploitation of Trusted Identifiers | CWE-602 | Client-Side Enforcement of Server-Side Security |
| Exploitation of Trusted Identifiers | CWE-642 | External Control of Critical State Data |
| Exploitation of Trusted Identifiers | CWE-664 | Improper Control of a Resource Through its Lifetime |
| Exploiting Trust in Client | CWE-20 | Improper Input Validation |
| Exploiting Trust in Client | CWE-200 | Exposure of Sensitive Information to an Unauthorized Actor |
| Exploiting Trust in Client | CWE-287 | Improper Authentication |
| Exploiting Trust in Client | CWE-290 | Authentication Bypass by Spoofing |
| Exploiting Trust in Client | CWE-693 | Protection Mechanism Failure |
| Creating a Rogue Certification Authority Certificate | CWE-290 | Authentication Bypass by Spoofing |
| Creating a Rogue Certification Authority Certificate | CWE-295 | Improper Certificate Validation |
| Creating a Rogue Certification Authority Certificate | CWE-327 | Use of a Broken or Risky Cryptographic Algorithm |
| Web Services API Signature Forgery Leveraging Hash Function Extension Weakness | | |
| Signature Spoof | CWE-20 | Improper Input Validation |
| Signature Spoof | CWE-290 | Authentication Bypass by Spoofing |
| Signature Spoof | CWE-327 | Use of a Broken or Risky Cryptographic Algorithm |
| Signature Spoofing by Misrepresentation | CWE-290 | Authentication Bypass by Spoofing |
| Session Credential Falsification through Prediction | CWE-6 | J2EE Misconfiguration: Insufficient Session-ID Length |
| Session Credential Falsification through Prediction | CWE-200 | Exposure of Sensitive Information to an Unauthorized Actor |
| Session Credential Falsification through Prediction | CWE-285 | Improper Authorization |
| Session Credential Falsification through Prediction | CWE-290 | Authentication Bypass by Spoofing |
| Session Credential Falsification through Prediction | CWE-330 | Use of Insufficiently Random Values |
| Session Credential Falsification through Prediction | CWE-331 | Insufficient Entropy |
| Session Credential Falsification through Prediction | CWE-346 | Origin Validation Error |
| Session Credential Falsification through Prediction | CWE-384 | Session Fixation |
| Session Credential Falsification through Prediction | CWE-488 | Exposure of Data Element to Wrong Session |
| Session Credential Falsification through Prediction | CWE-539 | Use of Persistent Cookies Containing Sensitive Information |
| Session Credential Falsification through Prediction | CWE-693 | Protection Mechanism Failure |
| Reusing Session IDs (aka Session Replay) | CWE-200 | Exposure of Sensitive Information to an Unauthorized Actor |
| Reusing Session IDs (aka Session Replay) | CWE-285 | Improper Authorization |
| Reusing Session IDs (aka Session Replay) | CWE-290 | Authentication Bypass by Spoofing |
| Reusing Session IDs (aka Session Replay) | CWE-294 | Authentication Bypass by Capture-replay |
| Reusing Session IDs (aka Session Replay) | CWE-346 | Origin Validation Error |
| Reusing Session IDs (aka Session Replay) | CWE-384 | Session Fixation |
| Reusing Session IDs (aka Session Replay) | CWE-488 | Exposure of Data Element to Wrong Session |
| Reusing Session IDs (aka Session Replay) | CWE-539 | Use of Persistent Cookies Containing Sensitive Information |
| Reusing Session IDs (aka Session Replay) | CWE-664 | Improper Control of a Resource Through its Lifetime |
| Reusing Session IDs (aka Session Replay) | CWE-732 | Incorrect Permission Assignment for Critical Resource |
| Bluetooth Impersonation AttackS (BIAS) | CWE-290 | Authentication Bypass by Spoofing |
| Adversary in the Middle (AiTM) | CWE-287 | Improper Authentication |
| Adversary in the Middle (AiTM) | CWE-290 | Authentication Bypass by Spoofing |
| Adversary in the Middle (AiTM) | CWE-294 | Authentication Bypass by Capture-replay |
| Adversary in the Middle (AiTM) | CWE-300 | Channel Accessible by Non-Endpoint |
| Adversary in the Middle (AiTM) | CWE-593 | Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created |