Session Sidejacking |
CWE-294
|
Authentication Bypass by Capture-replay
|
CWE-319
|
Cleartext Transmission of Sensitive Information
|
CWE-522
|
Insufficiently Protected Credentials
|
CWE-523
|
Unprotected Transport of Credentials
|
CWE-614
|
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
|
|
Interception |
CWE-319
|
Cleartext Transmission of Sensitive Information
|
|
Harvesting Information via API Event Monitoring |
CWE-311
|
Missing Encryption of Sensitive Data
|
CWE-319
|
Cleartext Transmission of Sensitive Information
|
CWE-419
|
Unprotected Primary Channel
|
CWE-602
|
Client-Side Enforcement of Server-Side Security
|
|
Signature Spoofing by Mixing Signed and Unsigned Content |
CWE-311
|
Missing Encryption of Sensitive Data
|
CWE-319
|
Cleartext Transmission of Sensitive Information
|
CWE-693
|
Protection Mechanism Failure
|
|
Sniff Application Code |
CWE-311
|
Missing Encryption of Sensitive Data
|
CWE-318
|
Cleartext Storage of Sensitive Information in Executable
|
CWE-319
|
Cleartext Transmission of Sensitive Information
|
CWE-693
|
Protection Mechanism Failure
|
|