7PK - Security Features
A category in the Common Weakness Enumeration published by The MITRE Corporation.
Categories in the Common Weakness Enumeration (CWE) group entries based on some common characteristic or attribute.
Software security is not security software. Here we're concerned with topics like authentication, access control, confidentiality, cryptography, and privilege management.
- Using an empty string as a password is insecure.
- The product does not properly prevent a person's private, personal information from being accessed by actors who either (1) are not explicitly authorized to access the...
- The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
- The software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
- The elevated privilege level required to perform operations such as chroot() should be dropped immediately after the operation is performed.
- The software stores a password in a configuration file that might be accessible to actors who do not know the password.
- Storing a password in plaintext may result in a system compromise.
- The software contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to exte...
- The software contains a hard-coded password, which it uses for its own inbound authentication or for outbound communication to external components.
- The software uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.
- Obscuring a password with a trivial encoding does not protect the password.
This view (graph) organizes weaknesses using a hierarchical structure that is similar to that used by Seven Pernicious Kingdoms.
- Seven Pernicious Kingdoms: A Taxonomy of Software Security Errors. NIST Workshop on Software Security Assurance Tools, Techniques, and Metrics.