CWE • Class • Incomplete • 20 recent CVEs
CWE-522: Insufficiently Protected Credentials
Description
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
Common consequences
- Access Control → Gain Privileges or Assume Identity: An attacker could gain access to user accounts and access sensitive data used by the user accounts.
Potential mitigations
- Architecture and Design: Use an appropriate security mechanism to protect the credentials.
- Architecture and Design: Make appropriate use of cryptography to protect the credentials.
- Implementation: Use industry standards to protect the credentials (e.g. LDAP, keystore, etc.).
Related CWEs
Recent CVEs classified under this CWE
- CVE-2026-41715, 6.1, 2026-06-09
- CVE-2026-39908, 6.5, 2026-06-08
- CVE-2026-46440, 7.5, 2026-06-08
- CVE-2026-46511, 2026-06-05
- CVE-2026-7313, 8.7, 2026-06-02
- CVE-2026-7312, 10.0, 2026-06-02
- CVE-2026-4387, 2026-05-29
- CVE-2026-49379, 6.5, 2026-05-29
- CVE-2026-42951, 5.4, 2026-05-29
- CVE-2024-47271, 4.9, 2026-05-27
- CVE-2026-2255, 4.3, 2026-05-27
- CVE-2026-9395, 3.5, 2026-05-24
- CVE-2026-39968, 7.1, 2026-05-22
- CVE-2025-13477, 7.1, 2026-05-21
- CVE-2026-0393, 6.5, 2026-05-21
- CVE-2026-6345, 6.5, 2026-05-18
- CVE-2025-62312, 3.0, 2026-05-14
- CVE-2026-6253, 5.9, 2026-05-13
- CVE-2026-43992, 9.8, 2026-05-12
- CVE-2026-8368, 6.5, 2026-05-12