CWE-315 – Cleartext Storage of Sensitive Information in a Cookie
Description: The application stores sensitive information in cleartext in a cookie. Attackers can use widely-available tools to view the cookie and read the sensitive information....
CWE-316 – Cleartext Storage of Sensitive Information in Memory
Description: The application stores sensitive information in cleartext in memory. Modes of Introduction: Architecture and Design. Related Weaknesses: CWE-312. Consequences: Confidentiality:...
CWE-317 – Cleartext Storage of Sensitive Information in GUI
Description: The application stores sensitive information in cleartext within the GUI. An attacker can often obtain data from a GUI, even if hidden, by using...
CWE-280 – Improper Handling of Insufficient Permissions or Privileges
Description: The application does not handle or incorrectly handles when it has insufficient privileges to access resources or functionality as specified by their permissions. This...
CWE-281 – Improper Preservation of Permissions
Description: The software does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive...
CWE-282 – Improper Ownership Management
Description: The software assigns the wrong ownership, or does not properly verify the ownership, of an object or resource. Modes of Introduction: Architecture and...
CWE-283 – Unverified Ownership
Description: The software does not properly verify that a critical resource is owned by the proper entity. Modes of Introduction: Architecture and Design ...
CWE-284 – Improper Access Control
Description: The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor. Modes of Introduction: Architecture and Design ...
CWE-285 – Improper Authorization
Description: The software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action. An...
CWE-286 – Incorrect User Management
Description: The software does not properly manage a user within its environment. Users can be assigned to the wrong group (class) of permissions resulting in...