|
Session Sidejacking
|
|
CWE-294
|
Authentication Bypass by Capture-replay
|
|
CWE-319
|
Cleartext Transmission of Sensitive Information
|
|
CWE-522
|
Insufficiently Protected Credentials
|
|
CWE-523
|
Unprotected Transport of Credentials
|
|
CWE-614
|
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
|
|
|
Kerberoasting
|
|
CWE-262
|
Not Using Password Aging
|
|
CWE-263
|
Password Aging with Long Expiration
|
|
CWE-294
|
Authentication Bypass by Capture-replay
|
|
CWE-308
|
Use of Single-factor Authentication
|
|
CWE-309
|
Use of Password System for Primary Authentication
|
|
CWE-521
|
Weak Password Requirements
|
|
CWE-522
|
Insufficiently Protected Credentials
|
|
|
Remote Services with Stolen Credentials
|
|
CWE-262
|
Not Using Password Aging
|
|
CWE-263
|
Password Aging with Long Expiration
|
|
CWE-294
|
Authentication Bypass by Capture-replay
|
|
CWE-308
|
Use of Single-factor Authentication
|
|
CWE-309
|
Use of Password System for Primary Authentication
|
|
CWE-521
|
Weak Password Requirements
|
|
CWE-522
|
Insufficiently Protected Credentials
|
|
|
Windows Admin Shares with Stolen Credentials
|
|
CWE-262
|
Not Using Password Aging
|
|
CWE-263
|
Password Aging with Long Expiration
|
|
CWE-294
|
Authentication Bypass by Capture-replay
|
|
CWE-308
|
Use of Single-factor Authentication
|
|
CWE-309
|
Use of Password System for Primary Authentication
|
|
CWE-521
|
Weak Password Requirements
|
|
CWE-522
|
Insufficiently Protected Credentials
|
|
|
Reusing Session IDs (aka Session Replay)
|
|
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
|
CWE-285
|
Improper Authorization
|
|
CWE-290
|
Authentication Bypass by Spoofing
|
|
CWE-294
|
Authentication Bypass by Capture-replay
|
|
CWE-346
|
Origin Validation Error
|
|
CWE-384
|
Session Fixation
|
|
CWE-488
|
Exposure of Data Element to Wrong Session
|
|
CWE-539
|
Use of Persistent Cookies Containing Sensitive Information
|
|
CWE-664
|
Improper Control of a Resource Through its Lifetime
|
|
CWE-732
|
Incorrect Permission Assignment for Critical Resource
|
|
|
Use of Captured Hashes (Pass The Hash)
|
|
CWE-294
|
Authentication Bypass by Capture-replay
|
|
CWE-308
|
Use of Single-factor Authentication
|
|
CWE-308
|
Use of Single-factor Authentication
|
|
CWE-522
|
Insufficiently Protected Credentials
|
|
CWE-836
|
Use of Password Hash Instead of Password for Authentication
|
|
|
Use of Captured Tickets (Pass The Ticket)
|
|
CWE-294
|
Authentication Bypass by Capture-replay
|
|
CWE-308
|
Use of Single-factor Authentication
|
|
CWE-522
|
Insufficiently Protected Credentials
|
|
|
Use of Known Kerberos Credentials
|
|
CWE-262
|
Not Using Password Aging
|
|
CWE-263
|
Password Aging with Long Expiration
|
|
CWE-294
|
Authentication Bypass by Capture-replay
|
|
CWE-307
|
Improper Restriction of Excessive Authentication Attempts
|
|
CWE-308
|
Use of Single-factor Authentication
|
|
CWE-309
|
Use of Password System for Primary Authentication
|
|
CWE-522
|
Insufficiently Protected Credentials
|
|
CWE-654
|
Reliance on a Single Factor in a Security Decision
|
|
CWE-836
|
Use of Password Hash Instead of Password for Authentication
|
|
|
Browser in the Middle (BiTM)
|
|
CWE-294
|
Authentication Bypass by Capture-replay
|
|
CWE-345
|
Insufficient Verification of Data Authenticity
|
|
|
Adversary in the Middle (AiTM)
|
|
CWE-287
|
Improper Authentication
|
|
CWE-290
|
Authentication Bypass by Spoofing
|
|
CWE-294
|
Authentication Bypass by Capture-replay
|
|
CWE-300
|
Channel Accessible by Non-Endpoint
|
|
CWE-593
|
Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created
|
|