CWE-522 (Insufficiently Protected Credentials)
GPTKB entity
Statements (17)
| Predicate | Object |
|---|---|
| gptkbp:instanceOf |
gptkb:Common_Weakness_Enumeration
|
| gptkbp:category |
Security Weakness
|
| gptkbp:citation |
https://cwe.mitre.org/data/definitions/522.html
|
| gptkbp:consequence |
Credentials may be stolen or compromised.
|
| gptkbp:describes |
The application transmits or stores authentication credentials, but it uses insufficient protection mechanisms.
|
| gptkbp:example |
Storing passwords in plaintext in a database.
Transmitting passwords over unencrypted channels. |
| https://www.w3.org/2000/01/rdf-schema#label |
CWE-522 (Insufficiently Protected Credentials)
|
| gptkbp:mitigatedBy |
Implement secure password hashing algorithms.
Use strong encryption for credential storage and transmission. |
| gptkbp:name |
Insufficiently Protected Credentials
|
| gptkbp:partOf |
CWE Top 25 (varies by year)
|
| gptkbp:relatedTo |
Authentication
Credential Management |
| gptkbp:vulnerableTo |
gptkb:CWE-522
|
| gptkbp:bfsParent |
gptkb:Common_Weakness_Enumeration_(CWE)
|
| gptkbp:bfsLayer |
7
|