CWE-524 – Use of Cache Containing Sensitive Information
Description The code uses a cache that contains sensitive information, but the cache can be read by an actor outside of the intended control sphere....
CWE-523 – Unprotected Transport of Credentials
Description Login pages do not use adequate measures to protect the user name and password while they are in transit from the client to the...
CWE-522 – Insufficiently Protected Credentials
Description The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. Modes of Introduction:...
CWE-521 – Weak Password Requirements
Description The product does not require that users should have strong passwords, which makes it easier for attackers to compromise user accounts. Authentication mechanisms often...
CWE-520 – .NET Misconfiguration: Use of Impersonation
Description Allowing a .NET application to run at potentially escalated levels of access to the underlying operating and file systems can be dangerous and result...
CWE-52 – Path Equivalence: ‘/multiple/trailing/slash//’
Description A software system that accepts path input in the form of multiple trailing slash ('/multiple/trailing/slash//') without appropriate validation can lead to ambiguous path resolution...
CWE-516 – DEPRECATED: Covert Timing Channel
Description This weakness can be found at CWE-385. Modes of Introduction: Related Weaknesses Consequences Potential Mitigations CVE References
CWE-515 – Covert Storage Channel
Description A covert storage channel transfers information through the setting of bits by one program and the reading of those bits by another. What distinguishes...
CWE-514 – Covert Channel
Description A covert channel is a path that can be used to transfer information in a way not intended by the system's designers. Typically the...
CWE-512 – Spyware
Description The software collects personally identifiable information about a human user or the user's activities, but the software accesses this information using other resources besides...