| Attack pattern | CWE ID | CWE name |
| --- | --- | --- |
| Sniffing Attacks | CWE-311 | Missing Encryption of Sensitive Data |
| Sniffing Network Traffic | CWE-311 | Missing Encryption of Sensitive Data |
| Lifting Sensitive Data Embedded in Cache | CWE-311 | Missing Encryption of Sensitive Data |
| | CWE-524 | Use of Cache Containing Sensitive Information |
| | CWE-1239 | Improper Zeroization of Hardware Register |
| | CWE-1258 | Exposure of Sensitive System Information Due to Uncleared Debug Information |
| Accessing/Intercepting/Modifying HTTP Cookies | CWE-20 | Improper Input Validation |
| | CWE-113 | Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') |
| | CWE-302 | Authentication Bypass by Assumed-Immutable Data |
| | CWE-311 | Missing Encryption of Sensitive Data |
| | CWE-315 | Cleartext Storage of Sensitive Information in a Cookie |
| | CWE-384 | Session Fixation |
| | CWE-472 | External Control of Assumed-Immutable Web Parameter |
| | CWE-539 | Use of Persistent Cookies Containing Sensitive Information |
| | CWE-565 | Reliance on Cookies without Validation and Integrity Checking |
| | CWE-602 | Client-Side Enforcement of Server-Side Security |
| | CWE-642 | External Control of Critical State Data |
| Retrieve Embedded Sensitive Data | CWE-226 | Sensitive Information in Resource Not Removed Before Reuse |
| | CWE-311 | Missing Encryption of Sensitive Data |
| | CWE-312 | Cleartext Storage of Sensitive Information |
| | CWE-314 | Cleartext Storage in the Registry |
| | CWE-315 | Cleartext Storage of Sensitive Information in a Cookie |
| | CWE-318 | Cleartext Storage of Sensitive Information in Executable |
| | CWE-525 | Use of Web Browser Cache Containing Sensitive Information |
| | CWE-1239 | Improper Zeroization of Hardware Register |
| | CWE-1258 | Exposure of Sensitive System Information Due to Uncleared Debug Information |
| | CWE-1266 | Improper Scrubbing of Sensitive Data from Decommissioned Device |
| | CWE-1272 | Sensitive Information Uncleared Before Debug/Power State Transition |
| | CWE-1278 | Missing Protection Against Hardware Reverse Engineering Using Integrated Circuit (IC) Imaging Techniques |
| | CWE-1301 | Insufficient or Incomplete Data Removal within Hardware Component |
| | CWE-1330 | Remanent Data Readable after Memory Erase |
| Harvesting Information via API Event Monitoring | CWE-311 | Missing Encryption of Sensitive Data |
| | CWE-319 | Cleartext Transmission of Sensitive Information |
| | CWE-419 | Unprotected Primary Channel |
| | CWE-602 | Client-Side Enforcement of Server-Side Security |
| Application API Message Manipulation via Man-in-the-Middle | CWE-311 | Missing Encryption of Sensitive Data |
| | CWE-345 | Insufficient Verification of Data Authenticity |
| | CWE-346 | Origin Validation Error |
| | CWE-471 | Modification of Assumed-Immutable Data (MAID) |
| | CWE-602 | Client-Side Enforcement of Server-Side Security |
| Transaction or Event Tampering via Application API Manipulation | CWE-311 | Missing Encryption of Sensitive Data |
| | CWE-345 | Insufficient Verification of Data Authenticity |
| | CWE-346 | Origin Validation Error |
| | CWE-471 | Modification of Assumed-Immutable Data (MAID) |
| | CWE-602 | Client-Side Enforcement of Server-Side Security |
| Application API Navigation Remapping | CWE-311 | Missing Encryption of Sensitive Data |
| | CWE-345 | Insufficient Verification of Data Authenticity |
| | CWE-346 | Origin Validation Error |
| | CWE-471 | Modification of Assumed-Immutable Data (MAID) |
| | CWE-602 | Client-Side Enforcement of Server-Side Security |
| Navigation Remapping To Propagate Malicious Content | CWE-311 | Missing Encryption of Sensitive Data |
| | CWE-345 | Insufficient Verification of Data Authenticity |
| | CWE-346 | Origin Validation Error |
| | CWE-471 | Modification of Assumed-Immutable Data (MAID) |
| | CWE-602 | Client-Side Enforcement of Server-Side Security |
| Application API Button Hijacking | CWE-311 | Missing Encryption of Sensitive Data |
| | CWE-345 | Insufficient Verification of Data Authenticity |
| | CWE-346 | Origin Validation Error |
| | CWE-471 | Modification of Assumed-Immutable Data (MAID) |
| | CWE-602 | Client-Side Enforcement of Server-Side Security |
| Signature Spoofing by Mixing Signed and Unsigned Content | CWE-311 | Missing Encryption of Sensitive Data |
| | CWE-319 | Cleartext Transmission of Sensitive Information |
| | CWE-693 | Protection Mechanism Failure |
| Cellular Traffic Intercept | CWE-311 | Missing Encryption of Sensitive Data |
| Sniff Application Code | CWE-311 | Missing Encryption of Sensitive Data |
| | CWE-318 | Cleartext Storage of Sensitive Information in Executable |
| | CWE-319 | Cleartext Transmission of Sensitive Information |
| | CWE-693 | Protection Mechanism Failure |