VYPR

CWE-311

Missing Encryption of Sensitive Data

ClassDraftLikelihood: High

Description

The product does not encrypt sensitive or critical information before storage or transmission.

Hierarchy (View 1000)

Parents

Related attack patterns (CAPEC)

CAPEC-157 · CAPEC-158 · CAPEC-204 · CAPEC-31 · CAPEC-37 · CAPEC-383 · CAPEC-384 · CAPEC-385 · CAPEC-386 · CAPEC-387 · CAPEC-388 · CAPEC-477 · CAPEC-609 · CAPEC-65

CVEs mapped to this weakness (303)

page 3 of 16
  • CVE-2016-10667HigJun 4, 2018
    risk 0.53cvss 8.1epss 0.02

    selenium-portal is a Selenium Testing Framework selenium-portal downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if…

  • CVE-2016-10664HigJun 4, 2018
    risk 0.53cvss 8.1epss 0.02

    mystem is a Node.js wrapper for MyStem morphology text analyzer by Yandex.ru mystem downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker…

  • CVE-2016-10663HigJun 4, 2018
    risk 0.53cvss 8.1epss 0.02

    wixtoolset is a Node module wrapper around the wixtoolset binaries wixtoolset downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker…

  • CVE-2016-10662HigJun 4, 2018
    risk 0.53cvss 8.1epss 0.02

    tomita is a node wrapper for Yandex Tomita Parser tomita downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the…

  • CVE-2016-10661HigJun 4, 2018
    risk 0.53cvss 8.1epss 0.02

    phantomjs-cheniu is a Headless WebKit with JS API phantomjs-cheniu downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy…

  • CVE-2016-10660HigJun 4, 2018
    risk 0.53cvss 8.1epss 0.02

    fis-parser-sass-bin a plugin for fis to compile sass using node-sass-binaries. fis-parser-sass-bin downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources…

  • CVE-2016-10657HigJun 4, 2018
    risk 0.53cvss 8.1epss 0.02

    co-cli-installer downloads the co-cli module as part of the install process, but does so over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the…

  • CVE-2016-10656HigJun 4, 2018
    risk 0.53cvss 8.1epss 0.02

    qbs is a build tool that helps simplify the build process for developing projects across multiple platforms. qbs downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the…

  • CVE-2016-10655HigJun 4, 2018
    risk 0.53cvss 8.1epss 0.02

    The clang-extra module installs LLVM's clang-extra tools. clang-extra downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled…

  • CVE-2016-10654HigJun 4, 2018
    risk 0.53cvss 8.1epss 0.01

    sfml downloads resources over HTTP, which leaves it vulnerable to MITM attacks.

  • CVE-2016-10653HigJun 4, 2018
    risk 0.53cvss 8.1epss 0.02

    xd-testing is a testing library for cross-device (XD) web applications. xd-testing downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker…

  • CVE-2016-10652HigJun 4, 2018
    risk 0.53cvss 8.1epss 0.01

    prebuild-lwip is a module for comprehensive, fast, and simple image processing and manipulation. prebuild-lwip downloads resources over HTTP, which leaves it vulnerable to MITM attacks.

  • CVE-2016-10651HigJun 4, 2018
    risk 0.53cvss 8.1epss 0.02

    webdriver-launcher is a Node.js Selenium Webdriver Launcher. webdriver-launcher downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker…

  • CVE-2016-10649HigJun 4, 2018
    risk 0.53cvss 8.1epss 0.02

    frames-compiler downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in…

  • CVE-2016-10648HigJun 4, 2018
    risk 0.53cvss 8.1epss 0.02

    marionette-socket-host is a marionette-js-runner host for sending actions over a socket. marionette-socket-host downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested…

  • CVE-2016-10647HigJun 4, 2018
    risk 0.53cvss 8.1epss 0.02

    node-air-sdk is an AIR SDK for nodejs. node-air-sdk downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker…

  • CVE-2016-10646HigJun 4, 2018
    risk 0.53cvss 8.1epss 0.02

    resourcehacker is a Node wrapper of Resource Hacker (windows executable resource editor). resourcehacker downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary…

  • CVE-2016-10645HigJun 4, 2018
    risk 0.53cvss 8.1epss 0.02

    grunt-images is a grunt plugin for processing images. grunt-images downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if…

  • CVE-2016-10644HigJun 4, 2018
    risk 0.53cvss 8.1epss 0.02

    slimerjs-edge is a npm wrapper for installing the bleeding edge version of slimerjs. slimerjs-edge downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with…

  • CVE-2016-10643HigJun 4, 2018
    risk 0.53cvss 8.1epss 0.02

    jstestdriver is a wrapper for Google's jstestdriver. jstestdriver downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if…