Weaknesses
Authentication weaknesses
Missing Authentication for Critical Function (CWE-306)
Authentication Bypass (CWE-290, CWE-294)
Improper Restriction of Excessive Authentication Attempts (CWE-307)
Credential weaknesses
Weak Password Requirements (CWE-521)
Insufficiently Protected Credentials (CWE-522)
Weak Password Recovery Mechanism for Forgotten Password (CWE-640)
Hard-coded Credentials (CWE-798, CWE-259)
Improper Certificate Validation (CWE-295)
Improper Authentication (CWE-287)
Authorisation weaknesses
Incorrect/Improper/Missing Authorization (CWE-863, CWE-285, CWE-862)
Authorization Bypass Through User-Controlled Key (CWE-639)
Improper Privilege Management (CWE-269)
Improper Check for Dropped Privileges (CWE-273)
Incorrect Permission Assignment for Critical Resources (CWE-732)
Improper Preservation of Permissions (CWE-281)
Incorrect Default Permissions (CWE-276)
Improper Access Control (CWE-284)
Protection weaknesses
Cleartext Storage of Sensitive Information (CWE-312)
Cleartext Transmission of Sensitive Information (CWE-319)
Missing Encryption of Sensitive Data (CWE-311)