Storage of File With Sensitive Data Under FTP Root
The application stores sensitive data under the FTP server root with insufficient access control, which might make it accessible to untrusted parties.
Various Unix FTP servers require a password file that is under the FTP root, due to use of chroot.
Weaknesses in this category are related to the A3 category in the OWASP Top Ten 2017.
Weaknesses in this category are related to the design and architecture of a system's authorization components. Frequently these deal with enforcing that agents have th...
This category identifies Software Fault Patterns (SFPs) within the Exposed Data cluster (SFP23).
This view (slice) covers all the elements in CWE.
CWE identifiers in this view are weaknesses that do not have associated Software Fault Patterns (SFPs), as covered by the CWE-888 view. As such, they represent gaps in...
This view (slice) lists weaknesses that can be introduced during design.