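This column is Wukong Cloud Classroom, newly planned by Zhongke Tianqi (中科天齐). It goes live every Friday at 18:00 sharp and aims to popularize knowledge about software security, helping enterprises effectively guard against software security vulnerabilities and improve their network security protection capabilities. [Wukong Cloud Classroom] Issue 13: The cleartext transmission of sensitive information vulnerability (CWE-319: Cleartext Transmission of Sensitive Information) What is the cleartext transmission of sensitive information vulnerability? When communicating, the program transmits in cleartext sensitive...
CWE-319 CWE-313 CWE-315 Languages: C, C++, C#, Java, Objective-C, Objective-C++ UNENCRYPTED_SENSITIVE_DATA finds code that uses sensitive data (for example passwords, cryptographic keys, and so on) that is transmitted or stored unencrypted. If sensitive data is stored or transmitted without encryption, an attacker can steal or tamper with that data. Fixing this kind of defect requires changing all endpoints. Preview checker: UNENCRYPTED_...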
Apex 319 The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. Apex 320 Weaknesses in this category are related to errors in the management of cryptographic keys. Apex 321 The use of a hard-coded cryptograp...
CWE-319 C/C++ cpp/non-https-url Failure to use HTTPS URLs CWE-326 C/C++ cpp/boost/tls-settings-misconfiguration boost::asio TLS settings misconfiguration CWE-326 C/C++ cpp/insufficient-key-size Use of a cryptographic algorithm with insufficient key size CWE-326 C/C++ cpp/unknown-asymmetric-...
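39 CWE-319 Cleartext Transmission of Sensitive Information 174 6.74 2.15 0 -4 40 CWE-312 Cleartext Storage of Sensitive Information 182 6.25 2.01 0 +1 2022 CWE Top 26-40 weakness list. The weaknesses that dropped in rank from the 2021 Top 25 are as follows: CWE-732 (Incorrect Permission Assignment for Critical Resource): from #22 to #30 CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor): from #20 to #33 CWE-522 (credentials...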
CWE-319 C# cs/web/cookie-secure-not-set 'Secure' attribute is not set to true CWE-321 C# cs/hard-coded-symmetric-encryption-key Hard-coded symmetric encryption key CWE-321 C# cs/hardcoded-connection-string-credentials Hard-coded connection string with credentials CWE-321 C# cs/hardcoded-credent...
Cleartext Storage of Sensitive Information in Executable CWE-319: Cleartext Transmission of Sensitive Information CWE-321: Use of Hard-coded Cryptographic Key CWE-322: Key Exchange without Entity Authentication CWE-323: Reusing a Nonce, Key Pair in Encryption CWE-324: Use of a Key Past its Expira...
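CWE-319: Cleartext Transmission of Sensitive Information kingthorin mentioned this on Feb 2, 2025 pscanrulesAlpha: Replace usage of CWE-200 zaproxy/zap-extensions#6149 kingthorin self-assigned this on Feb 2, 2025 thc202 closed this as completed in #6149 on Feb 4, 2025
This article is shared from the Huawei Cloud community post "Looking at Software Defect Protection Through the Past 5 Years of CWE TOP 25 Data" (《从过去5年CWE TOP 25的数据看软件缺陷的防护》), author: Uncle_Tom. "Taking history as a mirror, one can understand rise and fall." CWE has published the CWE TOP 25 for five consecutive years. From the changing trends of the CWE TOP 25 over the past five years, we can look for the development trends of high-risk security vulnerabilities and provide guidance for security policy and investment decisions. For security protection personnel, the development of code checking tools, and...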
CWE-319: Cleartext Transmission of Sensitive Information CWE-352: Cross-Site Request Forgery (CSRF) CWE-362: Race Condition CWE-209: Error Message Information Leak Risky Resource Management The weaknesses in this category are related to ways in which software does not properly manage the creation,...