| CWE-309 | The use of password systems as the primary means of authentication may be subject to several flaws or shortcomings, each reducing the effectiveness of the mechanism. |
| CWE-31 | The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize 'dir\..\..\filename' (multiple internal backslash dot dot) sequences that can resolve to a location that is outside of that directory. |
| CWE-312 | The application stores sensitive information in cleartext within a resource that might be accessible to another control sphere. |
| CWE-313 | The application stores sensitive information in cleartext in a file, or on disk. |
| CWE-314 | The application stores sensitive information in cleartext in the registry. |
| CWE-315 | The application stores sensitive information in cleartext in a cookie. |
| CWE-316 | The application stores sensitive information in cleartext in memory. |
| CWE-317 | The application stores sensitive information in cleartext within the GUI. |
| CWE-318 | The application stores sensitive information in cleartext in an executable. |
| CWE-319 | The software transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. |