CWE-522 - Insufficiently Protected Credentials
CWE-522
- Abstraction:
- Class
- Structure:
- Simple
- Status:
- Incomplete
- Weakness Name
Insufficiently Protected Credentials
- Description
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
- Common Consequences
Scope: Access Control
Impact: Gain Privileges or Assume Identity
Notes: An attacker could gain access to user accounts and access sensitive data used by the user accounts.
- Related Weaknesses
- Release Date:
- 2006-07-19
- Latest Modification Date:
- 2023-10-26