Weaknesses in this category are related to the management of credentials.
The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.
The program accesses or uses a pointer that has not been initialized.
Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.
The software uses externally-controlled format strings in printf-style functions, which can lead to buffer overflows or data representation problems.
The software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."
Weaknesses in this category are typically found within source code.
The software does not restrict or incorrectly restricts operations within the boundaries of a resource that is accessed using an index or pointer, such as memory or files.
The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.