| Authentication Abuse |
|
CWE-287
|
Improper Authentication
|
|
CWE-1244
|
Improper Access to Sensitive Information Using Debug and Test Interfaces
|
|
| Authentication Bypass |
|
| Identity Spoofing |
|
| Fake the Source of Data |
|
| Exploiting Trust in Client |
|
CWE-20
|
Improper Input Validation
|
|
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
|
CWE-287
|
Improper Authentication
|
|
CWE-290
|
Authentication Bypass by Spoofing
|
|
CWE-693
|
Protection Mechanism Failure
|
|
| Utilizing REST's Trust in the System Resource to Obtain Sensitive Data |
|
CWE-287
|
Improper Authentication
|
|
CWE-300
|
Channel Accessible by Non-Endpoint
|
|
CWE-693
|
Protection Mechanism Failure
|
|
| Session Hijacking |
|
| Token Impersonation |
|
CWE-287
|
Improper Authentication
|
|
CWE-1270
|
Generation of Incorrect Security Tokens
|
|
| Upload a Web Shell to a Web Server |
|
CWE-287
|
Improper Authentication
|
|
CWE-553
|
Command Shell in Externally Accessible Directory
|
|
| Adversary in the Middle (AiTM) |
|
CWE-287
|
Improper Authentication
|
|
CWE-290
|
Authentication Bypass by Spoofing
|
|
CWE-294
|
Authentication Bypass by Capture-replay
|
|
CWE-300
|
Channel Accessible by Non-Endpoint
|
|
CWE-593
|
Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created
|
|