Mars's 5εcur1ty Notes

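A technical blog centered on information security, updated at irregular intervals with CTFs, vulnerability verification, bug bounty report analysis, and more.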

List of Important CWE Vulnerabilities: Secure Design

Business Logic Errors (CWE-840)
Cleartext Storage of Sensitive Information (CWE-312)
Cleartext Transmission of Sensitive Information (CWE-319)
Denial of Service (CWE-400)
Deserialization of Untrusted Data (CWE-502)
Information Disclosure (CWE-200)
Information Exposure Through Debug Information (CWE-215)
Information Exposure Through Directory Listing (CWE-548)
Information Exposure Through an Error Message (CWE-209)
Insecure Storage of Sensitive Information (CWE-922)
Insufficient Session Expiration (CWE-613)
Insufficiently Protected Credentials (CWE-522)
Man-in-the-Middle (CWE-300)
Missing Encryption of Sensitive Data (CWE-311)
Open Redirect (CWE-601)
Password in Configuration File (CWE-260)
Plaintext Storage of a Password (CWE-256)
Privacy Violation (CWE-359)
Reliance on Cookies without Validation and Integrity Checking in a Security Decision (CWE-784)
Storing Passwords in a Recoverable Format (CWE-257)
UI Redressing (Clickjacking) (CAPEC-103)
Unprotected Transport of Credentials (CWE-523)
Unverified Password Change (CWE-620)
Use of Hard-coded Credentials (CWE-798)
Use of Hard-coded Password (CWE-259)
Violation of Secure Design Principles (CWE-657)
Weak Cryptography for Passwords (CWE-261)
Weak Password Recovery Mechanism for Forgotten Password (CWE-640)
XML Entity Expansion (CWE-776)

Copyright Mars 2019