Unprotected Transport of Credentials
Login pages do not use adequate measures to protect the user name and password while they are in transit from the client to the server.
SSL (Secure Socket Layer) provides data confidentiality and integrity to HTTP. By encrypting HTTP messages, SSL protects from attackers eavesdropping or altering message contents.
Weaknesses in this category are related to the A2 category in the OWASP Top Ten 2017.
Weaknesses in this category are related to the design and architecture of data confidentiality in a system. Frequently these deal with the use of encryption libraries....
This category identifies Software Fault Patterns (SFPs) within the Exposed Data cluster (SFP23).
This view (slice) covers all the elements in CWE.
This view (slice) lists weaknesses that can be introduced during design.
This view (slice) displays only weakness base elements.