CWE-522 - CERT CVE

CWE-522 - Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

CAPEC ID Naziv
CAPEC-102 Session Sidejacking
CAPEC-474 Signature Spoofing by Key Theft
CAPEC-50 Password Recovery Exploitation
CAPEC-509 Kerberoasting
CAPEC-551 Modify Existing Service
CAPEC-555 Remote Services with Stolen Credentials
CAPEC-560 Use of Known Domain Credentials
CAPEC-561 Windows Admin Shares with Stolen Credentials
CAPEC-600 Credential Stuffing
CAPEC-644 Use of Captured Hashes (Pass The Hash)
CAPEC-645 Use of Captured Tickets (Pass The Ticket)
CAPEC-652 Use of Known Kerberos Credentials
CAPEC-653 Use of Known Windows Credentials