CWE-268 – Privilege Chaining
Description: Two distinct privileges, roles, capabilities, or rights can be combined in a way that allows an entity to perform unsafe actions that would not...
CWE-267 – Privilege Defined With Unsafe Actions
Description: A particular privilege, role, capability, or right can be used to perform unsafe actions that were not intended, even when it is assigned to...
CWE-266 – Incorrect Privilege Assignment
Description: A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor. Modes of Introduction: - Architecture...
CWE-263 – Password Aging with Long Expiration
Description: Allowing password aging to occur unchecked can result in the possibility of diminished password integrity. Just as neglecting to include functionality for the management...
CWE-262 – Not Using Password Aging
Description: If no mechanism is in place for managing password aging, users will have no incentive to update passwords in a timely manner. Security experts...
CWE-261 – Weak Encoding for Password
Description: Obscuring a password with a trivial encoding does not protect the password. Password management issues occur when a password is stored in plaintext in...
CWE-260 – Password in Configuration File
Description: The software stores a password in a configuration file that might be accessible to actors who do not know the password. This can result...
CWE-26 – Path Traversal: ‘/dir/../filename’
Description: The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize "/dir/../filename" sequences...
CWE-259 – Use of Hard-coded Password
Description: The software contains a hard-coded password, which it uses for its own inbound authentication or for outbound communication to external components. Modes of Introduction:...
CWE-258 – Empty Password in Configuration File
Description: Using an empty string as a password is insecure. Modes of Introduction: Architecture and Design. Likelihood of Exploit: High. Related Weaknesses...