Categories

| CWE | Name | Description | Low | Medium | High | Critical | Total Vulns |
|---|---|---|---|---|---|---|---|
| CWE-922 | Insecure Storage of Sensitive Information | The software stores sensitive information without properly limiting read or write access by unauthorized actors. | 43 | 58 | 16 | 3 | 120 |
| CWE-294 | Authentication Bypass by Capture-replay | A capture-replay flaw exists when the design of the software makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes). | 8 | 62 | 35 | 13 | 118 |
| CWE-17 | Code | Weaknesses in this category are typically introduced during code development, including specification, design, and implementation. | 12 | 73 | 22 | 8 | 115 |
| CWE-425 | Direct Request ('Forced Browsing') | The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files. | 3 | 73 | 27 | 11 | 114 |
| CWE-1284 | Improper Validation of Specified Quantity in Input | The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties. | 3 | 36 | 53 | 12 | 104 |
| CWE-285 | Improper Authorization | The software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action. | 6 | 60 | 20 | 15 | 101 |
| CWE-354 | Improper Validation of Integrity Check Value | The software does not validate or incorrectly validates the integrity check values or checksums of a message. This may prevent it from detecting whether the data has been modified or corrupted in transmission. | 10 | 59 | 17 | 7 | 93 |
| CWE-697 | Incorrect Comparison | The software compares two entities in a security-relevant context, but the comparison is incorrect, which may lead to resultant weaknesses. | 3 | 50 | 33 | 7 | 93 |
| CWE-829 | Inclusion of Functionality from Untrusted Control Sphere | The software imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere. | 3 | 44 | 31 | 14 | 92 |
| CWE-494 | Download of Code Without Integrity Check | The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code. | 3 | 39 | 37 | 12 | 91 |