CWE-523 - Unprotected Transport of Credentials

Description

Login pages not using adequate measures to protect the user name and password while they are in transit from the client to the server. This weakness is caused by missing a security tactic during Architecture and Design stage.

Latest vulnerabilities for CWE-523

Credentials disclosure in Go SDK for CloudEvents 2024-04-03
Medium Yes

Multiple vulnerabilities in PiiGAB M-Bus 2023-07-07
High Yes

Multiple vulnerabilities in IBM Aspera Connect and IBM Aspera Cargo 2023-06-07
High Yes

Information disclosure in FortiAnalyzer 2023-04-12
Medium Yes

Multiple vulnerabilities in Puppet Labs products 2022-05-04
Medium Yes

Multiple vulnerabilities in IDEC PLCs 2022-01-07
Low Yes

Multiple vulnerabilities in Moxa MXview Network Management Software 2021-10-06
High Yes

Information disclosure in ABB Ellipse 2017-12-22
Low Yes

References

Description of CWE-523 on Mitre website