Weakness Name | |
---|---|
CWE-311 |
Missing Encryption of Sensitive Data The product does not encrypt sensitive or critical information before storage or transmission. |
CWE-319 |
Cleartext Transmission of Sensitive Information The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. |
CWE-419 |
Unprotected Primary Channel The product uses a primary channel for administration or restricted functionality, but it does not properly protect the channel. |
CWE-602 |
Client-Side Enforcement of Server-Side Security The product is composed of a server that relies on the client to implement a mechanism that is intended to protect the server. |
Name | Organization | Date | Date release |
---|---|---|---|
CAPEC Content Team | The MITRE Corporation |
Name | Organization | Date | Comment |
---|---|---|---|
CAPEC Content Team | The MITRE Corporation | Updated Attack_Motivation-Consequences, Attack_Prerequisites, Description Summary, Related_Attack_Patterns, Resources_Required, Solutions_and_Mitigations | |
CAPEC Content Team | The MITRE Corporation | Updated Related_Attack_Patterns | |
CAPEC Content Team | The MITRE Corporation | Updated Resources_Required | |
CAPEC Content Team | The MITRE Corporation | Updated Description | |
CAPEC Content Team | The MITRE Corporation | Updated Related_Attack_Patterns, Taxonomy_Mappings |