CWE-258 – Empty Password in Configuration File
Description Using an empty string as a password is insecure. Modes of Introduction: - Architecture and Design Likelihood of Exploit: High Related Weaknesses...
CWE-259 – Use of Hard-coded Password
Description The software contains a hard-coded password, which it uses for its own inbound authentication or for outbound communication to external components. Modes of Introduction:...
CWE-22 – Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)
Description The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted...
CWE-220 – Storage of File With Sensitive Data Under FTP Root
Description The application stores sensitive data under the FTP server root with insufficient access control, which might make it accessible to untrusted parties. Various Unix...
CWE-221 – Information Loss or Omission
Description The software does not record, or improperly records, security-relevant information that leads to an incorrect decision or hampers later analysis. This can be resultant,...
CWE-222 – Truncation of Security-relevant Information
Description The application truncates the display, recording, or processing of security-relevant information in a way that can obscure the source or nature of an attack....
CWE-223 – Omission of Security-relevant Information
Description The application does not record or display information that would be important for identifying the source or nature of an attack, or determining if...
CWE-224 – Obscured Security-relevant Information by Alternate Name
Description The software records security-relevant information according to an alternate name of the affected entity, instead of the canonical name. Modes of Introduction: - Architecture...
CWE-225 – DEPRECATED: General Information Management Problems
Description This weakness can be found at CWE-199. Modes of Introduction: Related Weaknesses Consequences Potential Mitigations CVE References
CWE-226 – Sensitive Information in Resource Not Removed Before Reuse
Description The product releases a resource such as memory or a file so that it can be made available for reuse, but it does not...