CWEs

| CWE Name | CWE-ID | Vulnerabilities |
|---|---|---|
| Improper Handling of Parameters | 233 | 18 |
| Failure to Handle Missing Parameter | 234 | 2 |
| Improper Handling of Extra Parameters | 235 | 2 |
| Improper Handling of Undefined Parameters | 236 | 1 |
| Improper Handling of Structural Elements | 237 | 1 |
| Improper Handling of Incomplete Structural Elements | 238 | 0 |
| Failure to Handle Incomplete Element | 239 | 1 |
| Improper Handling of Inconsistent Structural Elements | 240 | 5 |
| Improper Handling of Unexpected Data Type | 241 | 22 |
| Use of Inherently Dangerous Function | 242 | 5 |
| Creation of chroot Jail Without Changing Working Directory | 243 | 0 |
| Improper Clearing of Heap Memory Before Release ('Heap Inspection') | 244 | 5 |
| J2EE Bad Practices: Direct Management of Connections | 245 | 0 |
| J2EE Bad Practices: Direct Use of Sockets | 246 | 0 |
| Uncaught Exception | 248 | 91 |
| Execution with Unnecessary Privileges | 250 | 143 |
| Unchecked Return Value | 252 | 122 |
| Incorrect Check of Function Return Value | 253 | 11 |
| Plaintext Storage of a Password | 256 | 132 |
| Storing Passwords in a Recoverable Format | 257 | 34 |
| Empty Password in Configuration File | 258 | 8 |
| Use of Hard-coded Password | 259 | 96 |
| Password in Configuration File | 260 | 7 |
| Weak Encoding for Password | 261 | 22 |
| Not Using Password Aging | 262 | 3 |
| Password Aging with Long Expiration | 263 | 1 |
| Incorrect Privilege Assignment | 266 | 175 |
| Privilege Defined With Unsafe Actions | 267 | 29 |
| Privilege Chaining | 268 | 11 |
| Improper Privilege Management | 269 | 2761 |
| Privilege Context Switching Error | 270 | 16 |
| Privilege Dropping / Lowering Errors | 271 | 7 |
| Least Privilege Violation | 272 | 12 |
| Improper Check for Dropped Privileges | 273 | 31 |
| Improper Handling of Insufficient Privileges | 274 | 30 |
| Incorrect Default Permissions | 276 | 1144 |
| Insecure Inherited Permissions | 277 | 39 |
| Insecure Preserved Inherited Permissions | 278 | 4 |
| Incorrect Execution-Assigned Permissions | 279 | 8 |
| Improper Handling of Insufficient Permissions or Privileges | 280 | 74 |
| Improper Preservation of Permissions | 281 | 249 |
| Improper Ownership Management | 282 | 17 |
| Unverified Ownership | 283 | 8 |
| Improper Access Control | 284 | 2759 |
| Improper Authorization | 285 | 634 |
| Incorrect User Management | 286 | 18 |
| Improper Authentication | 287 | 3882 |
| Authentication Bypass Using an Alternate Path or Channel | 288 | 210 |
| Authentication Bypass by Alternate Name | 289 | 10 |
| Authentication Bypass by Spoofing | 290 | 317 |
| Reliance on IP Address for Authentication | 291 | 4 |
| Using Referer Field for Authentication | 293 | 1 |
| Authentication Bypass by Capture-replay | 294 | 161 |
| Improper Certificate Validation | 295 | 1060 |
| Improper Following of a Certificate's Chain of Trust | 296 | 6 |
| Improper Validation of Certificate with Host Mismatch | 297 | 29 |
| Improper Validation of Certificate Expiration | 298 | 2 |
| Improper Check for Certificate Revocation | 299 | 4 |
| Channel Accessible by Non-Endpoint | 300 | 42 |
| Reflection Attack in an Authentication Protocol | 301 | 1 |
| Authentication Bypass by Assumed-Immutable Data | 302 | 17 |
| Incorrect Implementation of Authentication Algorithm | 303 | 48 |
| Missing Critical Step in Authentication | 304 | 17 |
| Authentication Bypass by Primary Weakness | 305 | 79 |
| Missing Authentication for Critical Function | 306 | 1267 |
| Improper Restriction of Excessive Authentication Attempts | 307 | 376 |
| Use of Single-factor Authentication | 308 | 6 |
| Use of Password System for Primary Authentication | 309 | 0 |
| Missing Encryption of Sensitive Data | 311 | 478 |
| Cleartext Storage of Sensitive Information | 312 | 629 |
| Cleartext Storage in a File or on Disk | 313 | 15 |
| Cleartext Storage in the Registry | 314 | 0 |
| Cleartext Storage of Sensitive Information in a Cookie | 315 | 6 |
| Cleartext Storage of Sensitive Information in Memory | 316 | 19 |
| Cleartext Storage of Sensitive Information in GUI | 317 | 4 |
| Cleartext Storage of Sensitive Information in Executable | 318 | 2 |
| Cleartext Transmission of Sensitive Information | 319 | 675 |
| Use of Hard-coded Cryptographic Key | 321 | 117 |
| Key Exchange without Entity Authentication | 322 | 14 |
| Reusing a Nonce, Key Pair in Encryption | 323 | 23 |
| Use of a Key Past its Expiration Date | 324 | 12 |
| Missing Cryptographic Step | 325 | 28 |
| Inadequate Encryption Strength | 326 | 447 |
| Use of a Broken or Risky Cryptographic Algorithm | 327 | 530 |
| Use of Weak Hash | 328 | 24 |
| Generation of Predictable IV with CBC Mode | 329 | 4 |
| Use of Insufficiently Random Values | 330 | 323 |
| Insufficient Entropy | 331 | 86 |
| Insufficient Entropy in PRNG | 332 | 9 |
| Improper Handling of Insufficient Entropy in TRNG | 333 | 0 |
| Small Space of Random Values | 334 | 11 |
| Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) | 335 | 32 |
| Same Seed in Pseudo-Random Number Generator (PRNG) | 336 | 1 |
| Predictable Seed in Pseudo-Random Number Generator (PRNG) | 337 | 6 |
| Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) | 338 | 104 |
| Small Seed Space in PRNG | 339 | 0 |
| Generation of Predictable Numbers or Identifiers | 340 | 7 |
| Predictable from Observable State | 341 | 7 |
| Predictable Exact Value from Previous Values | 342 | 5 |
| Predictable Value Range from Previous Values | 343 | 2 |