CWE-620 – Unverified Password Change
Description When setting a new password for a user, the product does not require knowledge of the original password, or using another form of authentication....
CWE-522 – Insufficiently Protected Credentials
Description The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. Modes of Introduction:...