CWE - CWE-718: OWASP Top Ten 2007 Category A7 - Broken Authentication and Session Management (2.11)

Category ID: 718

Status: Incomplete

Description

Description Summary

Weaknesses in this category are related to the A7 category in the OWASP Top Ten 2007.

Relationships

Nature	Type	ID	Name	View(s) this relationship pertains to
ParentOf	Weakness Class	287	Improper Authentication	Weaknesses in OWASP Top Ten (2007) (primary)629
ParentOf	Weakness Variant	301	Reflection Attack in an Authentication Protocol	Weaknesses in OWASP Top Ten (2007) (primary)629
ParentOf	Weakness Base	522	Insufficiently Protected Credentials	Weaknesses in OWASP Top Ten (2007) (primary)629
MemberOf	View	629	Weaknesses in OWASP Top Ten (2007)	Weaknesses in OWASP Top Ten (2007) (primary)629

Related Attack Patterns

CAPEC-ID	Attack Pattern Name	(CAPEC Version: 2.10)
CAPEC-50	Password Recovery Exploitation
CAPEC-90	Reflection Attack in Authentication Protocol

References

OWASP. "Top 10 2007-Broken Authentication and Session Management". 2007. <http://www.owasp.org/index.php/Top_10_2007-A7>.

Content History

Submissions
Submission Date	Submitter	Organization	Source
2008-09-09		MITRE	Internal CWE Team
2008-09-09
Modifications
Modification Date	Modifier	Organization	Source
2009-12-28	CWE Content Team	MITRE	Internal
2009-12-28	updated Related_Attack_Patterns

Common Weakness Enumeration


	Use of the Common Weakness Enumeration and the associated references from this website are subject to the Terms of Use. For more information, please email cwe@mitre.org. CWE is sponsored by US-CERT in the office of Cybersecurity and Communications at the U.S. Department of Homeland Security. Copyright © 2006-2017, The MITRE Corporation. CWE, CWSS, CWRAF, and the CWE logo are trademarks of The MITRE Corporation.	Privacy policy Terms of use Contact us