Insufficiently Protected Credentials

This weakness occurs when the application transmits or stores authentication credentials and uses an insecure method that is susceptible to unauthorized interception and/or retrieval. An attacker can gain access to user accounts and access sensitive data used by the user accounts. The weakness is introduced during Architecture and Design, Implementation stages.