# Insufficiently Protected Credentials (CWE-522)

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

- Prevalence: High (no Shoulder rules)
- Impact: Medium (OWASP Top 10 #7)
- Prevention: See MITRE (external reference)

**OWASP:** Identification and Authentication Failures (A07:2021-Identification and Authentication Failures) - #7

## Description

When credentials are not properly protected during transmission or storage, attackers can capture them and use them to impersonate legitimate users.

## Prevention

## Consequences

- Gain privileges
- Bypass protection mechanism

## Mitigations

- Use TLS for all credential transmission
- Store credentials as a strong, salted one-way hash
- Use a secure credential storage mechanism