OWASP Top Ten 2004 Category A3 - Broken Authentication and Session Management
Category ID: 724 (Category) | Status: Incomplete
Description Summary
Weaknesses in this category are related to the A3 category in the OWASP Top Ten 2004.
Nature | Type | ID | Name | View(s) this relationship pertains to |
---|---|---|---|---|
ParentOf | Category | 255 | Credentials Management | Weaknesses in OWASP Top Ten (2004) (primary) 711 |
ParentOf | Weakness Base | 259 | Use of Hard-coded Password | Weaknesses in OWASP Top Ten (2004) (primary) 711 |
ParentOf | Weakness Class | 287 | Improper Authentication | Weaknesses in OWASP Top Ten (2004) (primary) 711 |
ParentOf | Weakness Base | 296 | Improper Following of Chain of Trust for Certificate Validation | Weaknesses in OWASP Top Ten (2004) (primary) 711 |
ParentOf | Weakness Base | 298 | Improper Validation of Certificate Expiration | Weaknesses in OWASP Top Ten (2004) (primary) 711 |
ParentOf | Weakness Variant | 302 | Authentication Bypass by Assumed-Immutable Data | Weaknesses in OWASP Top Ten (2004) (primary) 711 |
ParentOf | Weakness Base | 304 | Missing Critical Step in Authentication | Weaknesses in OWASP Top Ten (2004) (primary) 711 |
ParentOf | Weakness Base | 307 | Improper Restriction of Excessive Authentication Attempts | Weaknesses in OWASP Top Ten (2004) (primary) 711 |
ParentOf | Weakness Base | 309 | Use of Password System for Primary Authentication | Weaknesses in OWASP Top Ten (2004) (primary) 711 |
ParentOf | Weakness Class | 345 | Insufficient Verification of Data Authenticity | Weaknesses in OWASP Top Ten (2004) (primary) 711 |
ParentOf | Compound Element: Composite | 384 | Session Fixation | Weaknesses in OWASP Top Ten (2004) (primary) 711 |
ParentOf | Weakness Base | 521 | Weak Password Requirements | Weaknesses in OWASP Top Ten (2004) (primary) 711 |
ParentOf | Weakness Base | 522 | Insufficiently Protected Credentials | Weaknesses in OWASP Top Ten (2004) (primary) 711 |
ParentOf | Weakness Variant | 525 | Information Leak Through Browser Caching | Weaknesses in OWASP Top Ten (2004) 711 |
ParentOf | Weakness Class | 592 | Authentication Bypass Issues | Weaknesses in OWASP Top Ten (2004) (primary) 711 |
ParentOf | Weakness Base | 613 | Insufficient Session Expiration | Weaknesses in OWASP Top Ten (2004) (primary) 711 |
ParentOf | Weakness Variant | 620 | Unverified Password Change | Weaknesses in OWASP Top Ten (2004) (primary) 711 |
ParentOf | Weakness Base | 640 | Weak Password Recovery Mechanism for Forgotten Password | Weaknesses in OWASP Top Ten (2004) (primary) 711 |
ParentOf | Weakness Base | 798 | Use of Hard-coded Credentials | Weaknesses in OWASP Top Ten (2004) (primary) 711 |
MemberOf | View | 711 | Weaknesses in OWASP Top Ten (2004) | Weaknesses in OWASP Top Ten (2004) (primary) 711 |
OWASP. "A3 Broken Authentication and Session Management". 2007. <http://sourceforge.net/project/showfiles.php?group_id=64424&package_id=70827>.