CWE-522β€”Insufficiently Protected Credentials

PUBLISHEDweakness record
released 2006-07-19 Β· last modified 2025-12-11

Metadata

CWE ID:
CWE-522
Abstraction:
Class
Structure:
Simple
Status:
Incomplete
Release Date:
2006-07-19
Latest Modification Date:
2025-12-11

Weakness Name

Insufficiently Protected Credentials

Description

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

Common Consequences

Scope:
Access Control
Impact:
Gain Privileges or Assume Identity
Notes:
An attacker could gain access to user accounts and access sensitive data used by the user accounts.

Related Weaknesses