The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
Best practices to prevent this CWE
Phase: Architecture and Design
Use an appropriate security mechanism to protect the credentials.
Phase: Architecture and Design
Make appropriate use of cryptography to protect the credentials.
Phase: Implementation
Use industry standards to protect the credentials (e.g. LDAP, keystore, etc.).