Missing secure obfuscation
Description
It is possible to obtain source code from the application since it has not been securely obfuscated. This could allow an attacker to understand the inner workings of the application or obtain technical or sensitive information.
Impact
Understand the inner workings of the application to generate new attack vectors.
Recommendation
Obfuscate the applications JavaScript to prevent leakage of technical information that could reveal vulnerable features.
Threat
Anonymous attacker from the Internet.
Expected Remediation Time
⌚ 60 minutes.
Score
Default score using CVSS 3.1. It may change depending on the context of the src.
Base
- Attack vector: N
- Attack complexity: L
- Privileges required: N
- User interaction: N
- Scope: U
- Confidentiality: L
- Integrity: N
- Availability: N
Temporal
- Exploit code maturity: U
- Remediation level: O
- Report confidence: X
Result
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:X
- Score:
- Base: 5.3
- Temporal: 4.6
- Severity:
- Base: Medium
- Temporal: Medium
Score 4.0
Default score using CVSS 4.0. It may change depending on the context of the src.
Base 4.0
- Attack vector: N
- Attack complexity: L
- Attack Requirements: N
- Privileges required: N
- User interaction: N
- Confidentiality (VC): L
- Integrity (VI): N
- Availability (VA): N
- Confidentiality (SC): N
- Integrity (SI): N
- Availability (SA): N
Threat 4.0
- Exploit maturity: U
Result 4.0
- Vector string: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
- Score:
- CVSS-BT: 2.7
- Severity:
- CVSS-BT: Low
Compliant code
The source code was obfuscated, preventing an attacker to understand the inner workings of the code
//Rename Obfuscation method
private void calculatePay(a b){
while(b.c()){
b.a(true);
c.a();
b(c);
}
}
Non compliant code
The source code was not obfuscated
private void calculatePay(SpecialList clientGroup){
while(clientGroup.HasMore()){
clientGroup.getNext(true);
client.updatePay();
makePay(client);
}
}
Requirements
Fixes
