CWE-260 | The software stores a password in a configuration file that might be accessible to actors who do not know the password.
CWE-261 | Obscuring a password with a trivial encoding does not protect the password.
CWE-262 | If no mechanism is in place for managing password aging, users will have no incentive to update passwords in a timely manner.
CWE-263 | Allowing password aging to occur unchecked can result in the possibility of diminished password integrity.
CWE-266 | A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
CWE-267 | A particular privilege, role, capability, or right can be used to perform unsafe actions that were not intended, even when it is assigned to the correct entity.
CWE-268 | Two distinct privileges, roles, capabilities, or rights can be combined in a way that allows an entity to perform unsafe actions that would not be allowed without that combination.
CWE-269 | The software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
CWE-27 | The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize multiple internal "../" sequences that can resolve to a location that is outside of that directory.
CWE-270 | The software does not properly manage privileges while it is switching between different contexts that have different privileges or spheres of control.