Access Subversion
Security controls bypass or absence - Anti hooking
Description The application does not have anti-hooking protections, allowing tools such as Frida to work in its execution. Impact - Evade security controls such as SSL pinning. - Intercept function calls and messages to alter the behavior of the ...
Insufficient Physical Access Controls
Description It is possible to access the facilities by tailgating. Impact Access to facilities and offices. Recommendation Ask everyone who enters the office for an access card. Make employees aware of tailgating. Threat Anonymous attacker entering ...
Unauthorized access to files - Cloud Storage Services
Description Some cloud storage service used by the application can be publicly accessed without requiring any authentication, allowing an attacker to download its content or to modify or delete the stored information. Impact Compromise the information ...
Unauthorized access to files - Debug APK
Description The debug APK is available to anyone on the Internet. Impact - Host an APK in AWS. - Download the debug APK without any authentication, being able to analyze the application and find vulnerabilities easily. Recommendation Protect the APK ...
Unauthorized access to files
Description In the functionality corresponding to update user data, it is possible to inject potentially dangerous characters that generate inappropriate behavior in the application, exposing the access to SharePoint and allowing the user to access ...
Insecure digital certificates
Description The APK certificate was signed using the SHA1 algorithm. This algorithm is considered quite insecure, so it should not be used to sign certificates since it can be reversed in order to obtain the signing key. On the other hand, there are ...
Excessive privileges - Temporary Files
Description The application creates temporary files without properly restricting their privileges or access modes, allowing an attacker to craft new attack vectors. Impact - Get access to the created temporary files. - Tamper data contained in the created ...
Excessive privileges
Description A user with access to the application can generate an error within the application to gain access to the SharePoint platform, from which they can create groups with excessive privileges to use functions that were not possible to access ...
Unrestricted access between network segments - Azure AD
Description Azure Active Directory Graph API services can be accessed and used from anywhere on the Internet. Note: the URL of the service as well as the credentials to use it were found in the application code. Impact - Access to confidential ...
Unrestricted access between network segments
Description The current network configuration lacks access restrictions between network segments, which would allow an attacker to access privileged server segments or services from unauthorized networks. Impact Obtain unauthorized access to network ...
Insecurely generated cookies - Secure
Description The system does not set the Secure attribute for sensitive cookies, which could cause them to be sent through an insecure channel. Impact Obtain sensitive information by performing a MiTM attack. Recommendation The application must set ...
Insecurely generated cookies - SameSite
Description The application's cookies are generated without properly setting the SameSite attribute. Impact Perform a malicious request via a CSRF attack. Recommendation The application must set the SameSite attribute in the cookies with sensitive ...
Insecurely generated cookies - HttpOnly
Description The application's cookies are generated without properly setting the HttpOnly attribute. Impact Obtain sensitive information by performing an XSS attack. Recommendation The application must set the HttpOnly attribute in the cookies with ...
Lack of isolation methods
Description The system does not use isolation methods for running applications. Impact Allow the construction of a covert communication channel. Recommendation - Use dedicated cloud servers rather than VMs or cloud-based containers. - Implement specific ...
Security controls bypass or absence
Description The system has security controls that can be bypassed. Impact Send multiple requests to the server without control. Recommendation Limit the number of requests that can be made by the same host in defined time slots. Threat Anonymous ...
Lack of multi-factor authentication
Description Critical services of the system, such as databases, shared resources containing sensitive information and web services, are not protected by a multi-factor authentication mechanism. This makes it easier for an attacker who has compromised ...
Insecure session management
Description The session token does not expire when the user terminates the session and can be used to post requests afterwards. Impact - Access the session of a previously authenticated user. - Make enquiries to obtain confidential information. - ...
Unauthorized access to files - APK Content Provider
Description The Content Provider API allows third-party applications installed on the device to retrieve data stored by the application. Access to this data must not be allowed to all applications by default. Instead (and only if required), specific ...
Insecure session expiration time
Description User sessions do not expire after 5 minutes of inactivity. Impact - Obtain user information. - Upload files to the application without authorization. Recommendation Close the sessions when they remain inactive for more than 5 minutes. Threat ...
Concurrent sessions
Description The application does not validate the number of active sessions each user has, thus a user can log in more than once at the same time. Furthermore, the application does not notify the user when a session has already been initiated nor when ...
Asymmetric denial of service - Content length
Description The Content-Length field specifies the size of the transmitted form of data after the request header. In an attack, the Content-Length field contains a very high value, meaning the server will expect to receive a large amount of data. The ...
Anonymous connection
Description Due to an improper configuration of the server (e.g., an FTP service with username: anonymous and password: guest or an SMTP open relay), it is possible to make anonymous connections to it and access otherwise protected resources. Impact ...
Cracked weak credentials
Description The low complexity of the hashes stored in the database considerably reduces the amount of time required to crack them. Impact Unauthorized access, or even the insufficient data validation can make the system vulnerable. Recommendation ...
Insecurely generated cookies
Description The system does not set security attributes for sensitive cookies, which could cause them to be sent in plain text or disclosed by unauthorized users on the client side. Impact Send plain text session cookies through insecure channels. ...
Improper authorization control for web services
Description The system's web services do not have an authorization control mechanism or the one in place can be bypassed. Impact Obtain confidential information from users. Recommendation Validate through session cookies or tokens that users trying to ...
Excessive privileges - AWS
Description The application, a user or a role have more privileges than they require. This can be leveraged by an attacker to execute normally restricted actions on a system. Impact Execute actions that should be restricted to other groups or roles. ...
Insecure file upload
Description The system allows the upload of files with two extensions or with unsafe ones, such as .html, .php or .exe. Furthermore, the system does not validate whether or not the file is free from malicious code. Impact Upload malicious files to ...
Unrestricted access between network segments - AWS
Description The infrastructure definition for network segments in the AWS context is too permissive. Impact - Expose resources, processes and sensitive information that could be compromised. - Accept incoming or outgoing connections that should be ...
Improper authentication for shared folders
Description The folders that are shared over the network do not require any authentication to be accessed. Impact Access to sensitive information stored in folders. Recommendation Limit the access to shared folders only to authorized users with their ...
Insecure object reference
Description The system's authorization mechanism does not prevent one user from accessing another user's data by modifying the key value that identifies it. Impact Obtain, modify or delete information from other users. Recommendation - Validate that ...
Cross-site request forgery
Description The application's configuration allows an attacker to trick authenticated users into executing actions without their consent. Impact Impersonate a user request to execute malicious actions in the application. Recommendation Use of tokens ...
Authentication mechanism absence or evasion
Description The system lacks an authentication mechanism or has one that can be bypassed. Therefore, an attacker can access resources that should be protected without having an active session. Impact Bypass the login mechanism and get unauthorized ...
Privilege escalation
Description Due to an insecure role configuration, it is possible to obtain administrative access or privileges using a standard user account. Impact Get access to information and operations that should not be available for the current role. ...