CWE-296 – Improper Following of a Certificate’s Chain of Trust
Description: The software does not follow, or incorrectly follows, the chain of trust for a certificate back to a trusted root certificate, resulting in incorrect...
CWE-295 – Improper Certificate Validation
Description: The software does not validate, or incorrectly validates, a certificate. When a certificate is invalid or malicious, it might allow an attacker to spoof...
CWE-294 – Authentication Bypass by Capture-replay
Description: A capture-replay flaw exists when the design of the software makes it possible for a malicious user to sniff network traffic and bypass authentication...
CWE-293 – Using Referer Field for Authentication
Description: The referer field in HTTP requests can be easily modified and, as such, is not a valid means of message integrity checking. The referer...
CWE-292 – DEPRECATED: Trusting Self-reported DNS Name
Description: This entry has been deprecated because it was a duplicate of CWE-350. All content has been transferred to CWE-350. Modes of Introduction: ...
CWE-291 – Reliance on IP Address for Authentication
Description: The software uses an IP address for authentication. IP addresses can be easily spoofed. Attackers can forge the source IP address of the packets...
CWE-290 – Authentication Bypass by Spoofing
Description: This attack-focused weakness is caused by improperly implemented authentication schemes that are subject to spoofing attacks. Modes of Introduction: - Architecture and Design ...
CWE-29 – Path Traversal: ‘..filename’
Description: The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '..filename' (leading...
CWE-289 – Authentication Bypass by Alternate Name
Description: The software performs authentication based on the name of a resource being accessed, or the name of the actor performing the access, but it...
CWE-288 – Authentication Bypass Using an Alternate Path or Channel
Description: A product requires authentication, but the product has an alternate path or channel that does not require authentication. Modes of Introduction: - Architecture and...