CWE-306 – Missing Authentication for Critical Function
Description The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. Modes of...
CWE-307 – Improper Restriction of Excessive Authentication Attempts
Description The software does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to...
CWE-308 – Use of Single-factor Authentication
Description The use of single-factor authentication can lead to unnecessary risk of compromise when compared with the benefits of a dual-factor authentication scheme. While the...
CWE-309 – Use of Password System for Primary Authentication
Description The use of password systems as the primary means of authentication may be subject to several flaws or shortcomings, each reducing the effectiveness of...
CWE-31 – Path Traversal: ‘dir\..\..\filename’
Description The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize 'dir\..\..\filename' (multiple...
CWE-311 – Missing Encryption of Sensitive Data
Description The software does not encrypt sensitive or critical information before storage or transmission. The lack of proper data encryption passes up the guarantees of...
CWE-312 – Cleartext Storage of Sensitive Information
Description The application stores sensitive information in cleartext within a resource that might be accessible to another control sphere. Because the information is stored in...
CWE-313 – Cleartext Storage in a File or on Disk
Description The application stores sensitive information in cleartext in a file, or on disk. The sensitive information could be read by attackers with access to...
CWE-314 – Cleartext Storage in the Registry
Description The application stores sensitive information in cleartext in the registry. Attackers can read the information by accessing the registry key. Even if the information...
CWE-315 – Cleartext Storage of Sensitive Information in a Cookie
Description The application stores sensitive information in cleartext in a cookie. Attackers can use widely-available tools to view the cookie and read the sensitive information....