CWE-522: Insufficiently Protected Credentials
ID
CWE-522
Abstraction
Class
Structure
Simple
Status
Incomplete
Number of CVEs
1052
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
Modes of Introduction
| Phase | Note |
|---|---|
| Architecture and Design | COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic. |
| Implementation |
Applicable Platforms
| Type | Class | Name | Prevalence |
|---|---|---|---|
| Language | Not Language-Specific | ||
| Technology | ICS/OT |
Relationships
| View | Weakness | |||||||
|---|---|---|---|---|---|---|---|---|
| # ID | View | Status | # ID | Name | Abstraction | Structure | Status | |
| CWE-1000 | Research Concepts | Draft | CWE-1390 | Weak Authentication | Class | Simple | Incomplete | |
| CWE-1003 | Weaknesses for Simplified Mapping of Published Vulnerabilities | Incomplete | CWE-287 | Improper Authentication | Class | Simple | Draft | |
| CWE-1000 | Research Concepts | Draft | CWE-668 | Exposure of Resource to Wrong Sphere | Class | Simple | Draft | |
Common Attack Pattern Enumeration and Classification (CAPEC)
The Common Attack Pattern Enumeration and Classification (CAPECâ„¢) effort provides a publicly available catalog of common attack patterns that helps users understand how adversaries exploit weaknesses in applications and other cyber-enabled capabilities.
CAPEC at Mitre.org| # ID | Name | Weaknesses |
|---|---|---|
| CAPEC-50 | Password Recovery Exploitation | CWE-522 |
| CAPEC-102 | Session Sidejacking | CWE-522 |
| CAPEC-474 | Signature Spoofing by Key Theft | CWE-522 |
| CAPEC-509 | Kerberoasting | CWE-522 |
| CAPEC-551 | Modify Existing Service | CWE-522 |
| CAPEC-555 | Remote Services with Stolen Credentials | CWE-522 |
| CAPEC-560 | Use of Known Domain Credentials | CWE-522 |
| CAPEC-561 | Windows Admin Shares with Stolen Credentials | CWE-522 |
| CAPEC-600 | Credential Stuffing | CWE-522 |
| CAPEC-644 | Use of Captured Hashes (Pass The Hash) | CWE-522 |
| CAPEC-645 | Use of Captured Tickets (Pass The Ticket) | CWE-522 |
| CAPEC-652 | Use of Known Kerberos Credentials | CWE-522 |
| CAPEC-653 | Use of Known Operating System Credentials | CWE-522 |
CVEs Published
CVSS Severity
CVSS Severity - By Year
CVSS Base Score
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |
Loading...