CWE-311 - CERT CVE

CWE-311 - Missing Encryption of Sensitive Data

The software does not encrypt sensitive or critical information before storage or transmission.

CAPEC ID Naziv
CAPEC-157 Sniffing Attacks
CAPEC-158 Sniffing Network Traffic
CAPEC-204 Lifting Sensitive Data Embedded in Cache
CAPEC-31 Accessing/Intercepting/Modifying HTTP Cookies
CAPEC-37 Retrieve Embedded Sensitive Data
CAPEC-383 Harvesting Information via API Event Monitoring
CAPEC-384 Application API Message Manipulation via Man-in-the-Middle
CAPEC-385 Transaction or Event Tampering via Application API Manipulation
CAPEC-386 Application API Navigation Remapping
CAPEC-387 Navigation Remapping To Propagate Malicious Content
CAPEC-388 Application API Button Hijacking
CAPEC-477 Signature Spoofing by Mixing Signed and Unsigned Content
CAPEC-609 Cellular Traffic Intercept
CAPEC-65 Sniff Application Code