The weakness exists due to lack of correct sensitive or important data encryption. Unproperly encrypted information can't provide appropriate confidentiality, integrity and accountability of the system. As application doesn't use a secure channel as SSl attackers can easily obtain sensitive data. Vulnerability also allows malicious users to modify application data.
The weakness is introduced during Architecture and Design, Implication stages.