CWE-523 - Unprotected Transport of Credentials

CWE-523

Abstraction:
Base

Structure:
Simple

Status:
Incomplete

Weakness Name: Unprotected Transport of Credentials

Description: Login pages do not use adequate measures to protect the user name and password while they are in transit from the client to the server.

Common Consequences: Scope: Access Control
Impact: Gain Privileges or Assume Identity

Related Weaknesses

CWE-312Cleartext Storage of Sensitive Information

CWE-522Insufficiently Protected Credentials

Release Date:
2006-07-19

Latest Modification Date:
2023-06-29

Free security scan for your website

Don't show website scan report rating on the leaderboard