CWE

Common Weakness Enumeration

A Community-Developed List of Software Weakness Types

CWE Individual Dictionary Definition (3.0)

CWE CATEGORY: 7PK - Security Features

Category ID: 254
Status: Incomplete
Summary
Software security is not security software. Here we're concerned with topics like authentication, access control, confidentiality, cryptography, and privilege management.
Membership

| Nature | Type | ID | Name |
|---|---|---|---|
| MemberOf | Category | 18 | Source Code |
| MemberOf | View | 699 | Development Concepts |
| MemberOf | View | 700 | Seven Pernicious Kingdoms |
| HasMember | Category | 255 | Credentials Management |
| HasMember | Variant | 256 | Plaintext Storage of a Password |
| HasMember | Variant | 258 | Empty Password in Configuration File |
| HasMember | Base | 259 | Use of Hard-coded Password |
| HasMember | Variant | 260 | Password in Configuration File |
| HasMember | Variant | 261 | Weak Cryptography for Passwords |
| HasMember | Category | 264 | Permissions, Privileges, and Access Controls |
| HasMember | Base | 272 | Least Privilege Violation |
| HasMember | Class | 285 | Improper Authorization |
| HasMember | Base | 295 | Improper Certificate Validation |
| HasMember | Category | 310 | Cryptographic Issues |
| HasMember | Class | 330 | Use of Insufficiently Random Values |
| HasMember | Class | 345 | Insufficient Verification of Data Authenticity |
| HasMember | Base | 358 | Improperly Implemented Security Check for Standard |
| HasMember | Class | 359 | Exposure of Private Information ('Privacy Violation') |
| HasMember | Base | 565 | Reliance on Cookies without Validation and Integrity Checking |
| HasMember | Base | 602 | Client-Side Enforcement of Server-Side Security |
| HasMember | Base | 653 | Insufficient Compartmentalization |
| HasMember | Base | 654 | Reliance on a Single Factor in a Security Decision |
| HasMember | Base | 655 | Insufficient Psychological Acceptability |
| HasMember | Base | 656 | Reliance on Security Through Obscurity |
| HasMember | Class | 693 | Protection Mechanism Failure |
| HasMember | Base | 778 | Insufficient Logging |
| HasMember | Base | 779 | Logging of Excessive Data |
| HasMember | Base | 798 | Use of Hard-coded Credentials |
| HasMember | Base | 807 | Reliance on Untrusted Inputs in a Security Decision |
Content History

Submissions

| Submission Date | Submitter | Organization | Source |
|---|---|---|---|
|  | 7 Pernicious Kingdoms |  |  |

Modifications

| Modification Date | Modifier | Organization | Source | Changes |
|---|---|---|---|---|
| 2008-09-08 | CWE Content Team | MITRE |  | updated Relationships, Taxonomy_Mappings |
| 2009-07-27 | CWE Content Team | MITRE |  | updated Relationships |
| 2010-02-16 | CWE Content Team | MITRE |  | updated Relationships |
| 2015-12-07 | CWE Content Team | MITRE |  | updated Relationships |
| 2017-01-19 | CWE Content Team | MITRE |  | updated Relationships |
| 2017-11-08 | CWE Content Team | MITRE |  | updated Name, Relationships |

Previous Entry Names

| Change Date | Previous Entry Name |
|---|---|
| 2017-11-08 | Security Features |

Page Last Updated: November 14, 2017