CWE-311: Missing Encryption of Sensitive Data

ID CWE-311
Abstraction Class
Structure Simple
Status Draft
Number of CVEs 454
The product does not encrypt sensitive or critical information before storage or transmission.

The lack of proper data encryption passes up the guarantees of confidentiality, integrity, and accountability that properly implemented encryption conveys.

Modes of Introduction

Phase Note
Architecture and Design OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase.
Operation

Applicable Platforms

Type Class Name Prevalence
Language Not Language-Specific

Relationships

View Weakness
# ID View Status # ID Name Abstraction Structure Status
CWE-1000 Research Concepts Draft CWE-693 Protection Mechanism Failure Pillar Simple Draft

Common Attack Pattern Enumeration and Classification (CAPEC)

The Common Attack Pattern Enumeration and Classification (CAPEC™) effort provides a publicly available catalog of common attack patterns that helps users understand how adversaries exploit weaknesses in applications and other cyber-enabled capabilities.

CAPEC at Mitre.org
# ID Name Weaknesses
CAPEC-31 Accessing/Intercepting/Modifying HTTP Cookies CWE-311
CAPEC-37 Retrieve Embedded Sensitive Data CWE-311
CAPEC-65 Sniff Application Code CWE-311
CAPEC-157 Sniffing Attacks CWE-311
CAPEC-158 Sniffing Network Traffic CWE-311
CAPEC-204 Lifting Sensitive Data Embedded in Cache CWE-311
CAPEC-383 Harvesting Information via API Event Monitoring CWE-311
CAPEC-384 Application API Message Manipulation via Man-in-the-Middle CWE-311
CAPEC-385 Transaction or Event Tampering via Application API Manipulation CWE-311
CAPEC-386 Application API Navigation Remapping CWE-311
CAPEC-387 Navigation Remapping To Propagate Malicious Content CWE-311
CAPEC-388 Application API Button Hijacking CWE-311
CAPEC-477 Signature Spoofing by Mixing Signed and Unsigned Content CWE-311
CAPEC-609 Cellular Traffic Intercept CWE-311
