CWE-297 – Improper Validation of Certificate with Host Mismatch
Description The software communicates with a host that provides a certificate, but the software does not properly ensure that the certificate is actually associated with...
CWE-298 – Improper Validation of Certificate Expiration
Description A certificate expiration is not validated or is incorrectly validated, so trust may be assigned to certificates that have been abandoned due to age....
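Both weaknesses above come from the same gap: a client that verifies a signature chain but never asks "was this certificate issued for the host I dialed, and is it still valid today?". The following added example (written for this page, not MITRE's or any library's code) implements those two checks in Python against a peer certificate in the dict shape that `ssl.SSLSocket.getpeercert()` returns. The certificate contents, the hostnames and the "current time" constants are assumed values constructed for the demonstration.

```python
import ssl
import time

# Constructed sample shaped like the dict ssl.SSLSocket.getpeercert() returns
# for a verified peer. Names, dates and the IP address are assumed values, not
# a real certificate.
SAMPLE_CERT = {
    "subject": ((("commonName", "www.example.com"),),),
    "subjectAltName": (
        ("DNS", "www.example.com"),
        ("DNS", "*.api.example.com"),
        ("IP Address", "203.0.113.10"),
    ),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Dec 31 23:59:59 2024 GMT",
}

# Assumed clock values for the demo (epoch seconds, UTC).
NOW_MID_2024 = 1718452800  # 2024-06-15T12:00:00Z, inside the validity window
NOW_JAN_2025 = 1735689600  # 2025-01-01T00:00:00Z, one second past notAfter


def _dns_pattern_matches(pattern, hostname):
    """RFC 6125 style matching: at most one wildcard, it must be the entire
    leftmost label, and it stands for exactly one label (never 'a.b', never a TLD)."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    labels = pattern.split(".")
    host_labels = hostname.split(".")
    if labels[0] != "*" or "*" in pattern[1:] or len(labels) < 3:
        return False  # rejects 'f*o.example.com', 'a.*.com' and '*.com'
    return len(labels) == len(host_labels) and labels[1:] == host_labels[1:]


def hostname_matches(cert, hostname):
    """CWE-297: the certificate must actually name the host we connected to.
    subjectAltName is authoritative; commonName is consulted only when no SAN exists."""
    sans = cert.get("subjectAltName", ())
    dns_names = [v for k, v in sans if k == "DNS"]
    ip_names = [v for k, v in sans if k == "IP Address"]
    if dns_names or ip_names:
        return hostname in ip_names or any(
            _dns_pattern_matches(p, hostname) for p in dns_names
        )
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return _dns_pattern_matches(value, hostname)
    return False


def within_validity(cert, now=None):
    """CWE-298: reject a certificate outside its notBefore..notAfter window."""
    now = time.time() if now is None else now
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    return not_before <= now <= not_after


def validate_peer(cert, hostname, now=None):
    """Return CWE-tagged findings; an empty list means the certificate is acceptable
    for this host at this time. Chain and signature checks remain the TLS library's job."""
    findings = []
    if not hostname_matches(cert, hostname):
        findings.append("CWE-297: certificate is not issued for %s" % hostname)
    if not within_validity(cert, now):
        findings.append("CWE-298: certificate is outside its validity period")
    return findings


def client_context(insecure=False):
    """The stdlib way to get both checks done by the library. insecure=True reproduces
    the misconfiguration behind CWE-297/298: hostname check off, verification off."""
    ctx = ssl.create_default_context()
    if insecure:
        ctx.check_hostname = False  # must be cleared before verify_mode can be CERT_NONE
        ctx.verify_mode = ssl.CERT_NONE
    return ctx


if __name__ == "__main__":
    print(validate_peer(SAMPLE_CERT, "www.example.com", NOW_MID_2024))
    print(validate_peer(SAMPLE_CERT, "evil.example.com", NOW_JAN_2025))
```

In production code, let the TLS stack do this (`ssl.create_default_context()` with `check_hostname` left `True` and a `server_hostname` passed to `wrap_socket`); the hand-written functions exist to show what is skipped when an application sets `check_hostname = False` or `verify_mode = CERT_NONE` "to make the error go away". Note the wildcard rule: `*.api.example.com` matches `foo.api.example.com` but not `api.example.com` or `a.b.api.example.com`, and a bare `*.com` is never accepted.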
CWE-26 – Path Traversal: ‘/dir/../filename’
Description The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize "/dir/../filename" sequences...
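The "/dir/../filename" sequence only works because the path is joined before it is canonicalized. The added example below (written for this page, not code from MITRE or any project) puts the vulnerable join next to a hardened one that resolves the path first and then requires the result to stay under the base directory. It builds a throwaway directory tree with a file outside the base, a file inside it and a symlink that points back out, all constructed for the demonstration; the file names are assumed.

```python
import os
import tempfile


def unsafe_join(base_dir, requested):
    """The CWE-26 shape: the request is joined verbatim, so a 'dir/../..' prefix walks
    out of base_dir, and an absolute request makes os.path.join drop base_dir entirely."""
    return os.path.join(base_dir, requested)


def safe_join(base_dir, requested):
    """Canonicalize first (collapsing '..' and following symlinks), then require the
    result to remain under base_dir. Raises ValueError on traversal."""
    base = os.path.realpath(base_dir)
    # Leading separators would otherwise make os.path.join discard base_dir.
    candidate = os.path.realpath(os.path.join(base, requested.lstrip("/\\")))
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError("path traversal rejected: %r" % (requested,))
    return candidate


def escapes(base_dir, path):
    """True when `path`, once resolved, is not inside base_dir."""
    base = os.path.realpath(base_dir)
    return os.path.commonpath([base, os.path.realpath(path)]) != base


def demo():
    """Exercise both joins on a constructed tree and report what each one did."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        base = os.path.join(root, "public")
        os.makedirs(os.path.join(base, "dir"))
        with open(os.path.join(root, "secret.txt"), "w") as fh:
            fh.write("outside the web root\n")
        with open(os.path.join(base, "dir", "page.html"), "w") as fh:
            fh.write("inside the web root\n")

        attack = "dir/../../secret.txt"  # the '/dir/../filename' sequence from CWE-26
        results["naive_escapes"] = escapes(base, unsafe_join(base, attack))
        try:
            safe_join(base, attack)
            results["safe_rejects"] = False
        except ValueError:
            results["safe_rejects"] = True

        # A '..' that stays inside base_dir is legitimate once canonicalized.
        results["legit_ok"] = safe_join(base, "dir/../dir/page.html") == os.path.realpath(
            os.path.join(base, "dir", "page.html")
        )

        # Absolute request: the naive join returns it untouched, the safe join re-roots it.
        absolute = os.path.join(root, "secret.txt")
        results["absolute_escapes"] = escapes(base, unsafe_join(base, absolute))
        results["absolute_contained"] = not escapes(base, safe_join(base, absolute))

        # A symlink inside base_dir pointing outside is caught because realpath follows it.
        link = os.path.join(base, "dir", "link")
        try:
            os.symlink(os.path.join(root, "secret.txt"), link)
        except (OSError, NotImplementedError):
            results["symlink_rejected"] = None  # platform without symlink support
        else:
            try:
                safe_join(base, "dir/link")
                results["symlink_rejected"] = False
            except ValueError:
                results["symlink_rejected"] = True
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```

Two caveats a reviewer would raise on this pattern: run the check on the fully decoded request (after URL decoding, and after any charset conversion the framework applies), since `%2e%2e/` only becomes `../` later; and the realpath-then-open sequence is still a check-then-use window on a directory an attacker can write to, so on Linux open the file with `O_NOFOLLOW` or `openat2(RESOLVE_BENEATH)` when that threat is in scope.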
CWE-260 – Password in Configuration File
Description The software stores a password in a configuration file that might be accessible to actors who do not know the password. This can result...
CWE-261 – Weak Encoding for Password
Description Obscuring a password with a trivial encoding does not protect the password. Password management issues occur when a password is stored in plaintext in...
CWE-262 – Not Using Password Aging
Description If no mechanism is in place for managing password aging, users will have no incentive to update passwords in a timely manner. Security experts...
CWE-263 – Password Aging with Long Expiration
Description Allowing password aging to occur unchecked can result in the possibility of diminished password integrity. Just as neglecting to include functionality for the management...
CWE-266 – Incorrect Privilege Assignment
Description A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor. Modes of Introduction: - Architecture...
CWE-267 – Privilege Defined With Unsafe Actions
Description A particular privilege, role, capability, or right can be used to perform unsafe actions that were not intended, even when it is assigned to...
CWE-268 – Privilege Chaining
Description Two distinct privileges, roles, capabilities, or rights can be combined in a way that allows an entity to perform unsafe actions that would not...