Functionality Abuse
Lack of protection against deletion - RDS
Description The current configuration has no protection against deletion, which can lead to the deletion of databases in Amazon Web Services RDS. Impact Delete a database by mistake or without having to go through additional validations. ...
Insecure functionality - Pass the hash
Description It is possible to use the Pass The Hash technique to access resources within the domain. Impact Use account hashes to access domain resources. Recommendation Implement monitoring policies to detect the use of lateral movement techniques ...
Incomplete functional code
Description There are binary files in the repositories without their corresponding source code, which could be malicious in nature, have vulnerabilities or store sensitive information. Decompiling one of the binaries was found to have unencrypted ...
Message flooding
Description It is possible to send mass messages to the phone numbers and emails of the victims, saturating the inbox and consuming the user's resources. Impact - Flood the inbox of the victim. - Increase abruptly the consumed resources ...
Asymmetric denial of service - ReDoS
Description Within the source code there is evidence of the use of dangerous regular expressions, because they make use of complex operations to find matches, which can lead to an attacker sending a specific string of data that could cause the server ...
Traceability loss
Description Some features of the application do not properly keep track of errors, exceptional events or critical actions on the system, hindering the detection of possible security events. Impact Lose the tracking of exceptional events and fail to ...
Debugging enabled in production
Description The system has the debug mode active which generates an information leak when an error is generated. Impact Obtain sensitive information such as stacktraces and versions of the systems used. Recommendation Make sure that debugging mode is ...
Insecure service configuration - DynamoDB
Description The DynamoDB service has insecure configurations. Impact Access the database and exploit vulnerabilities in the system configuration to affect the service and have access to stored information. Recommendation Set correct configurations ...
Insecure service configuration - SMTP
Description The hosting server has an open port (SMTP 25) which allows attackers to send emails using the web server. Impact Send emails as anyone using the servers. Recommendation Close unused ports to prevent SMTP relay attacks. Threat Anonymous ...
Insecure service configuration - SMB
Description SMBv1 is enabled; this version does not support encryption and has multiple vulnerabilities. Impact Exploit known vulnerabilities found in the affected components. Recommendation Disable SMBv1 and use SMBv3. Threat Authenticated ...
Insecure service configuration - RDP
Description The RDP service has the RC4 cipher suite enabled, which is considered outdated when used in conjunction with TLS/SSL. Impact Obtain information derived from the encrypted channel. Recommendation Disable the RC4 cipher suite on the server. Threat ...
Insecure service configuration - Security Groups
Description EC2 Security Groups are not explicitly defined. Security Group input/output rules are not defined. Impact - Extract information from the server without proper consent. - Create holes to gain remote access. Recommendation Securely ...
Insecure service configuration - SSH
Description The SSH service is not filtered by the Firewall to avoid external attacks and possible intrusions through this service. Impact Attempt to access the server through brute force attacks or 0-day exploits. Recommendation Securely configure ...
Insecure service configuration - DNS
Description The DNS server has recursive DNS functionality, which can allow an attacker to perform an amplification attack through it and cause another server to crash. Impact Perform amplification attacks to cause DDoS. Recommendation Disable ...
Insecure service configuration - Backdoor
Description Due to a misconfiguration of services, it is possible to upload files and install backdoors for later access, and leave them for public access. Impact - Leave a shell for public access. - Get access to server files. - Upload and erase ...
Insecure service configuration - Backup
Description The mobile application is allowed to back up the application data stored on the device, allowing information leaks to occur. Impact Obtain confidential information from the application. Recommendation Securely configure the service so that ...
Insecure service configuration - App Backup
Description The application has the backup option active, which allows an attacker who has access to a user's device to obtain the information stored by the application inside the device. Impact Obtain confidential user and application information. ...
Insecure service configuration - Firewall
Description The server where the application is hosted has port 8080 open running the http-proxy service. Impact - Establish, from the Internet, a connection with the open port. - Allow malicious clients to mount attacks originating from the IP ...
Insecure service configuration - Antivirus
Description It is possible to evade antivirus signatures to upload and use hacking tools that are commonly detected by any antivirus by recompiling the binaries and source code of the tools and using obfuscation. This would allow an attacker to get ...
Insecure service configuration - Keys
Description The source code repository stores cipher keys directly, allowing an attacker with access to the source code to compromise the keys to impersonate the application or decrypt the communications between server and client. Impact Obtain ...
Insecure service configuration - Keystore
Description Cryptographic key containers such as keystores should have good security practices, among them: - The Secretkey and Keystore should be in protected environments. - The secrets should be aligned with strong password policies (do not use ...
Insecure service configuration - Wireless Certificates
Description Certificates provide a more secure form of network authentication. These could be stolen by malware for use in communications fraud and data exfiltration; furthermore, non-existent or faulty validation of the access point certificate, ...
Insecure service configuration - Kerberoast
Description Due to the operation of the Kerberos service, it is possible to extract krbtgs hashes of users within the domain. Impact Obtain users' hashes. Recommendation Configure a logger to alert on Kerberoast attacks. Threat Unauthorized domain user ...
Insecure service configuration - AWS
Description Because of a misconfiguration in the AWS services, it is possible to identify and/or try to access resources, functionalities, network segments and ports. Impact - Identify ports, services and network segments. - Try to access the ...
Insecure service configuration
Description No requestValidationMode is assigned in the server configuration files, which would allow XSS attacks. Impact Obtain sensitive information through XSS attacks. Recommendation Activate the recommended protection mechanisms such as Request ...
Inappropriate coding practices - Cyclomatic complexity
Description The application has source code with high McCabe cyclomatic complexity, making the code difficult to understand and maintain, promoting the appearance of new security vulnerabilities and hindering their detection and solution. Impact ...
Inappropriate coding practices - Eval function
Description The eval function is used with the input of request data, such as URL params or request headers; this data is not properly validated and can lead to statements being injected to execute commands on the server. Impact - Execute commands on ...
Insecure exceptions - Empty or no catch
Description The application does not perform proper exception handling. Empty _catch_ statements are found, or _try_ statements without their respective _catch_. This behavior can make the application temporarily or permanently unavailable by ...
Inappropriate coding practices
Description Classes are found with their fields defined as public, which does not respect the encapsulation principle. Impact Obtain and modify attributes that by definition should be private. Recommendation Set attributes as private and generate ...
Race condition
Description The system presents unexpected behavior when the inputs of a specific functionality do not arrive in the expected order. Impact - Overwrite, delete or read arbitrary files from the system. - Cause unexpected behavior in the application. ...
Email flooding
Description It is possible to send emails massively to a victim's inbox, causing its saturation. Impact - Send massive spam to a user email. - Hide important information of other emails. Recommendation Restrict the consecutive send of emails through ...
Improper dependency pinning
Description The application does not make explicit the whole dependency tree it requires (direct and indirect third-party libraries) and their respective versions. Impact - Accepting a range of versions can cause a version of a dependency that is not ...
Regulation infringement
Description The system violates regulations of a jurisdiction to which it is subject. Impact - Use the application without having accepted the terms and conditions of the application. - Incur a fine or other legal sanction. Recommendation Consider ...
Unverifiable files
Description Files are stored in the repository that cannot be verified because their content is not compatible with their extension. Impact - Hinder the versioning and security auditing process. - Introduce vulnerabilities of previous versions in ...
Improper type assignation
Description There are variant variables in the source code, i.e., no specific type is declared for them. This can be inefficient, as it becomes necessary to identify the variable's data type and cast it every time it is used. Impact Result in ...
HTTP request smuggling
Description The system uses one or more entities, such as a proxy or a firewall, to process requests between the client and the server. These entities do not process HTTP requests consistently, thus making it possible to post malformed requests to ...
Unrestricted access between network segments - RDS
Description Some RDS clusters or instances are not defined inside a Database Subnet Group. Impact Access RDS services in an insecure way from the Internet. Recommendation Ensure that all RDS instances belong to a Database Subnet Group. Threat ...
Improper control of interaction frequency
Description The system does not limit the number of requests (rate limit) that a user can post to the server in a short period of time. Impact - Fill the application logs with junk information. - Saturate the server with multiple requests causing a ...
Email uniqueness not properly verified
Description The system allows the plus character in the email registration process. An attacker could abuse this feature to create several accounts pointing to the same email. Impact Create multiple accounts with the same email. Recommendation The ...
Lack of protection against deletion
Description The system does not prevent critical objects from being deleted accidentally. Impact - Result in loss of information in case of an accidental modification or deletion. - Result in loss of information in the case of a security incident. ...