CWE-311: Missing Encryption of Sensitive Data
ID: CWE-311
Abstraction: Class
Structure: Simple
Status: Draft
Number of CVEs: 454
The product does not encrypt sensitive or critical information before storage or transmission.
The lack of proper data encryption passes up the guarantees of confidentiality, integrity, and accountability that properly implemented encryption conveys.
Modes of Introduction
Phase | Note |
---|---|
Architecture and Design | OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase. |
Operation |
Applicable Platforms
Type | Class | Name | Prevalence |
---|---|---|---|
Language | Not Language-Specific |
Common Attack Pattern Enumeration and Classification (CAPEC)
The Common Attack Pattern Enumeration and Classification (CAPEC™) effort provides a publicly available catalog of common attack patterns that helps users understand how adversaries exploit weaknesses in applications and other cyber-enabled capabilities.
CAPEC at Mitre.org
ID | Name | Weaknesses |
---|---|---|
CAPEC-31 | Accessing/Intercepting/Modifying HTTP Cookies | CWE-311 |
CAPEC-37 | Retrieve Embedded Sensitive Data | CWE-311 |
CAPEC-65 | Sniff Application Code | CWE-311 |
CAPEC-157 | Sniffing Attacks | CWE-311 |
CAPEC-158 | Sniffing Network Traffic | CWE-311 |
CAPEC-204 | Lifting Sensitive Data Embedded in Cache | CWE-311 |
CAPEC-383 | Harvesting Information via API Event Monitoring | CWE-311 |
CAPEC-384 | Application API Message Manipulation via Man-in-the-Middle | CWE-311 |
CAPEC-385 | Transaction or Event Tampering via Application API Manipulation | CWE-311 |
CAPEC-386 | Application API Navigation Remapping | CWE-311 |
CAPEC-387 | Navigation Remapping To Propagate Malicious Content | CWE-311 |
CAPEC-388 | Application API Button Hijacking | CWE-311 |
CAPEC-477 | Signature Spoofing by Mixing Signed and Unsigned Content | CWE-311 |
CAPEC-609 | Cellular Traffic Intercept | CWE-311 |