CWE-522
Insufficiently Protected Credentials
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
Status: incomplete
Abstraction: class
Affected Platforms: ICS/OT, Not Technology-Specific, Web Based
Technical Details
Common Consequences: access control
Impacts: gain privileges or assume identity
Detection Methods: automated static analysis
Potential Mitigations
Phases: architecture and design, implementation
Descriptions:
• Use an appropriate security mechanism to protect the credentials.
• Use industry standards to protect the credentials (e.g. LDAP, keystore, etc.).
• Make appropriate use of cryptography to protect the credentials.