CWE

Common Weakness Enumeration

A Community-Developed List of Software Weakness Types


CWE CATEGORY: OWASP Top Ten 2013 Category A2 - Broken Authentication and Session Management

Category ID: 930
Status: Incomplete
Description

Description Summary

Weaknesses in this category are related to the A2 category in the OWASP Top Ten 2013.
Relationships

| Nature | Type | ID | Name | View(s) this relationship pertains to | View ID |
|---|---|---|---|---|---|
| ParentOf | Weakness Variant | 256 | Plaintext Storage of a Password | Weaknesses in OWASP Top Ten (2013) (primary) | 928 |
| ParentOf | Weakness Class | 287 | Improper Authentication | Weaknesses in OWASP Top Ten (2013) (primary) | 928 |
| ParentOf | Weakness Base | 311 | Missing Encryption of Sensitive Data | Weaknesses in OWASP Top Ten (2013) | 928 |
| ParentOf | Weakness Base | 319 | Cleartext Transmission of Sensitive Information | Weaknesses in OWASP Top Ten (2013) | 928 |
| ParentOf | Compound Element: Composite | 384 | Session Fixation | Weaknesses in OWASP Top Ten (2013) (primary) | 928 |
| ParentOf | Weakness Base | 522 | Insufficiently Protected Credentials | Weaknesses in OWASP Top Ten (2013) (primary) | 928 |
| ParentOf | Weakness Variant | 523 | Unprotected Transport of Credentials | Weaknesses in OWASP Top Ten (2013) (primary) | 928 |
| ParentOf | Weakness Base | 613 | Insufficient Session Expiration | Weaknesses in OWASP Top Ten (2013) (primary) | 928 |
| ParentOf | Weakness Variant | 620 | Unverified Password Change | Weaknesses in OWASP Top Ten (2013) (primary) | 928 |
| ParentOf | Weakness Base | 640 | Weak Password Recovery Mechanism for Forgotten Password | Weaknesses in OWASP Top Ten (2013) (primary) | 928 |
| MemberOf | View | 928 | Weaknesses in OWASP Top Ten (2013) | Weaknesses in OWASP Top Ten (2013) (primary) | 928 |
References
OWASP. "Top 10 2013-A2-Broken Authentication and Session Management". <https://www.owasp.org/index.php/Top_10_2013-A2-Broken_Authentication_and_Session_Management>.
Content History

Submissions

| Submission Date | Submitter | Organization | Source |
|---|---|---|---|
| 2013-07-17 | | MITRE | Internal CWE Team |

Modifications

| Modification Date | Modifier | Organization | Source |
|---|---|---|---|
| 2014-06-23 | CWE Content Team | MITRE | Internal |

2014-06-23: updated Relationships

Page Last Updated: May 05, 2017