CWE-522 - Insufficiently Protected Credentials
- Abstraction:Class
- Structure:Simple
- Status:Incomplete
- Release Date:2006-07-19
- Latest Modification Date:2023-10-26
Weakness Name
Insufficiently Protected Credentials
Description
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
Common Consequences
Scope: Access Control
Impact: Gain Privileges or Assume Identity
Notes: An attacker could gain access to user accounts and access sensitive data used by the user accounts.
Related Weaknesses
CWE-287Improper AuthenticationHigh