CWE CATEGORY: 7PK - Security Features
Category ID: 254
Vulnerability Mapping: Prohibited
Status: Incomplete
▼Summary

Software security is not security software. Here we're concerned with topics like authentication, access control, confidentiality, cryptography, and privilege management.

▼Membership
| Nature | Mapping | Type | ID | Name |
|---|---|---|---|---|
| MemberOf | Prohibited | View | 700 | Seven Pernicious Kingdoms |
| HasMember | Allowed | Base | 256 | Plaintext Storage of a Password |
| HasMember | Allowed | Variant | 258 | Empty Password in Configuration File |
| HasMember | Allowed | Variant | 259 | Use of Hard-coded Password |
| HasMember | Allowed | Base | 260 | Password in Configuration File |
| HasMember | Allowed | Base | 261 | Weak Encoding for Password |
| HasMember | Allowed | Base | 272 | Least Privilege Violation |
| HasMember | Discouraged | Pillar | 284 | Improper Access Control |
| HasMember | Discouraged | Class | 285 | Improper Authorization |
| HasMember | Discouraged | Class | 330 | Use of Insufficiently Random Values |
| HasMember | Allowed | Base | 359 | Exposure of Private Personal Information to an Unauthorized Actor |
| HasMember | Allowed | Base | 798 | Use of Hard-coded Credentials |
▼Vulnerability Mapping Notes
Usage: Prohibited
Reason:
Rationale:

This entry is a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.

Comments:

Consider mapping to weaknesses that are members of this Category.

▼Taxonomy Mappings
| Taxonomy Name | Entry ID | Fit | Entry Name |
|---|---|---|---|
| 7 Pernicious Kingdoms | N/A | N/A | Security Features |
▼References
Reference ID: REF-6
Title: Seven Pernicious Kingdoms: A Taxonomy of Software Security Errors
Version: v4.15
Author: Katrina Tsipenyuk, Brian Chess, Gary McGraw
Publication: NIST Workshop on Software Security Assurance Tools Techniques and Metrics
Publisher: NIST
URL: https://samate.nist.gov/SSATTM_Content/papers/Seven%20Pernicious%20Kingdoms%20-%20Taxonomy%20of%20Sw%20Security%20Errors%20-%20Tsipenyuk%20-%20Chess%20-%20McGraw.pdf
Date: 2005-11-07