Class · Incomplete
CWE-522: Insufficiently Protected Credentials
Category: auth
Description
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
Common consequences · 1
- Access Control — Gain Privileges or Assume Identity: An attacker could gain access to user accounts and access sensitive data used by the user accounts.
Potential mitigations · 3
- [Architecture and Design] Use an appropriate security mechanism to protect the credentials.
- [Architecture and Design] Make appropriate use of cryptography to protect the credentials.
- [Implementation] Use industry standards to protect the credentials (e.g. LDAP, keystore, etc.).
Related CAPEC attack patterns · 13
Exploits (incoming) · 13
| Type | Target | Confidence | Tier |
|---|---|---|---|
| AttackPattern | Windows Admin Shares with Stolen Credentials (capec-561) | 100% | live |
| AttackPattern | Credential Stuffing (capec-600) | 100% | live |
| AttackPattern | Remote Services with Stolen Credentials (capec-555) | 100% | live |
| AttackPattern | Password Recovery Exploitation (capec-50) | 100% | live |
| AttackPattern | Use of Captured Tickets (Pass The Ticket) (capec-645) | 100% | live |
| AttackPattern | Signature Spoofing by Key Theft (capec-474) | 100% | live |
| AttackPattern | Use of Captured Hashes (Pass The Hash) (capec-644) | 100% | live |
| AttackPattern | Use of Known Domain Credentials (capec-560) | 100% | live |
| AttackPattern | Use of Known Kerberos Credentials (capec-652) | 100% | live |
| AttackPattern | Session Sidejacking (capec-102) | 100% | live |
| AttackPattern | Use of Known Operating System Credentials (capec-653) | 100% | live |
| AttackPattern | Modify Existing Service (capec-551) | 100% | live |
| AttackPattern | Kerberoasting (capec-509) | 100% | live |
Compliance frameworks addressing this (incoming) · 10
| Type | Target | Confidence | Tier |
|---|---|---|---|
| ComplianceControl | gdpr-art25 | 100% | live |
| ComplianceControl | gdpr-art34 | 100% | live |
| ComplianceControl | iso27001-a.8.9 | 100% | live |
| ComplianceControl | gdpr-art33 | 100% | live |
| ComplianceControl | gdpr-art35 | 100% | live |
| ComplianceControl | iso27001-a.8.24 | 100% | live |
| ComplianceControl | cis_v8-4 | 100% | live |
| ComplianceControl | nist_csf-gv | 100% | live |
| ComplianceControl | iso27001-a.5.23 | 100% | live |
| ComplianceControl | owasp_api_top10-api08 | 95% | live |
(incoming) · 50
| Type | Target | Confidence | Tier |
|---|---|---|---|
| Vulnerability | CVE-2025-0477 | 0% | live |
| Vulnerability | CVE-2025-0497 | 0% | live |
| Vulnerability | CVE-2025-0498 | 0% | live |
| Vulnerability | CVE-2025-0867 | 0% | live |
| Vulnerability | CVE-2025-0890 | 0% | live |
| Vulnerability | CVE-2025-15113 | 0% | live |
| Vulnerability | CVE-2025-15617 | 0% | live |
| Vulnerability | CVE-2025-2311 | 0% | live |
| Vulnerability | CVE-2025-23342 | 0% | live |
| Vulnerability | CVE-2025-25570 | 0% | live |
| Vulnerability | CVE-2025-25650 | 0% | live |
| Vulnerability | CVE-2025-26492 | 0% | live |
| Vulnerability | CVE-2025-27648 | 0% | live |
| Vulnerability | CVE-2025-27650 | 0% | live |
| Vulnerability | CVE-2025-3078 | 0% | live |
| Vulnerability | CVE-2025-3079 | 0% | live |
| Vulnerability | CVE-2025-34196 | 0% | live |
| Vulnerability | CVE-2025-34207 | 0% | live |
| Vulnerability | CVE-2025-36096 | 0% | live |
| Vulnerability | CVE-2025-41682 | 0% | live |
| Vulnerability | CVE-2025-42933 | 0% | live |
| Vulnerability | CVE-2025-52095 | 0% | live |
| Vulnerability | CVE-2025-52549 | 0% | live |
| Vulnerability | CVE-2025-54428 | 0% | live |
| Vulnerability | CVE-2025-54863 | 0% | live |
| Vulnerability | CVE-2025-55306 | 0% | live |
| Vulnerability | CVE-2025-58130 | 0% | live |
| Vulnerability | CVE-2025-64420 | 0% | live |
| Vulnerability | CVE-2025-6519 | 0% | live |
| Vulnerability | CVE-2026-21660 | 0% | live |
Showing top 30 of 50 by confidence.