Information Collection
Use of software with malware
Description One or more dependencies used in the project contain code or components suspected of being compromised by malware or malicious behavior. Impact - Unauthorized access and complete control of the application infrastructure. - Disruption of ...
Non-encrypted confidential information - Azure
Description Azure credentials are stored in plain text within the source code. Impact - Expose resources, processes and sensitive information that could be compromised. Recommendation Encrypt all sensitive information that is transported or stored ...
Sensitive information in source code - IP
Description Storing IP addresses in code can be a security-sensitive issue, as this can result in an attacker discovering a potentially sensitive address or network segment. Impact Get sensitive information or private secrets. Recommendation - Load ...
Use of software with known vulnerabilities in environments
Description The system uses a version of a software package or dependency with known vulnerabilities. Impact Exploit the vulnerabilities found in the affected components. Recommendation Update the affected software to the versions recommended by the vendor. ...
Non-encrypted confidential information - Redshift Cluster
Description Some AWS Redshift clusters are not encrypted. Impact Obtain critical information from the databases in plaintext. Recommendation Enable Redshift encryption for all clusters. Threat Authenticated attacker from the Internet with access to ...
Use of an insecure channel - Docker
Description The EXPOSE instruction informs Docker that the container listens on the specified network ports at runtime. Declare only the ports that your application needs and avoid exposing ports such as HTTP (80). Impact Capture confidential ...
Insecure encryption algorithm - Insecure Elliptic Curve
Description The system makes use of weak elliptic curves. Impact - Produce incorrect results for some unusual curve points - Expose secret data when the input is not a curve point - Expose secret data through branch synchronization - Expose secret ...
Non-encrypted confidential information - DynamoDB
Description Some AWS DynamoDB instances are not encrypted or use the default KMS encryption, which does not use a Customer Managed Key (CMK). Impact Obtain critical information from the databases in plaintext. Recommendation Enable the DynamoDB encryption ...
Non-encrypted confidential information - EBS Volumes
Description One or more Elastic Block Store (EBS) instances are not encrypted, allowing an attacker to read potentially sensitive information regarding the launch configuration of EC2 instances. Impact Obtain information related to EC2 launch ...
Non-encrypted confidential information - EFS
Description The AWS Elastic File System (EFS) service is encrypted with a default KMS key. Best practices recommend encrypting EFS instances using Customer Managed Keys (CMKs) to reduce risk of exposure and give full control of encrypted information. ...
Non-encrypted confidential information - Keys
Description Confidential information is stored in plain text allowing an attacker to view it without any encryption. Impact Obtain sensitive information that can compromise system resources. Recommendation Encrypt all sensitive information that is ...
Non-encrypted confidential information - Hexadecimal
Description The confidential information is encoded in hexadecimal allowing an attacker to view it in plain text when decoding it. Impact Obtain confidential information by decoding hexadecimal. Recommendation Use secure encryption methods to encrypt ...
Use of an insecure channel - Oracle Database
Description Insecure connections from servers to the database. Encryption does not address all communications with the database, including transmissions from clients and transmissions from middle tiers. Impact - Data can be modified, replayed and no ...
Use of an insecure channel - HTTP
Description Client information is transmitted over port 80 or HTTP, a channel that does not use encryption, so credentials and confidential information can be captured in plain text. Impact Compromise sensitive information that travels in plain text. ...
Sensitive information in source code - Git history
Description Sensitive information such as usernames, service credentials or access tokens can be found in the git history. Impact Obtain sensitive information to compromise more resources or services. Recommendation - Remove the sensitive information ...
Sensitive information in source code - Credentials
Description The repository stores sensitive information such as usernames, passwords, emails, API credentials, among others. Impact Obtain sensitive information to compromise other resources or services. Recommendation - Remove the hardcoded sensitive ...
Automatic information enumeration - Corporate information
Description It is possible to automatically enumerate system information such as finding IDs, because the application returns different messages for existing and non-existing finding IDs. Impact Get all existing findings in the system. Recommendation Show the same response ...
Technical information leak - Credentials
Description When the login page is accessed, a request is triggered whose response includes an unminified and non-obfuscated script in which the BotChat Direct Line Secret Key can be read in plain text. Impact Obtain the Direct Line secret key and ...
Technical information leak - Alert
Description Technical information is obtained from the application due to the use of the alert() function (JavaScript), whose output will always be displayed on the client side. In a development environment it is acceptable to use this function to see ...
Business information leak - Corporate information
Description It is possible to access information about some of the company's employees, such as their roles and contact information. Impact Obtain information about the roles played by some workers within the company, as well as their contact ...
Use of insecure channel - Source code
Description Customer information is transmitted over a channel that does not use encryption. Impact - Capture sensitive information and credentials in plain text. - Intercept communication and steal or forge requests and responses. Recommendation ...
User Enumeration - WordPress
Description As a result of an inadequate configuration practice, valid users may be listed in the application. Impact Find valid users within the application. Recommendation Implement generic error messages that do not allow an attacker to discern ...
Sensitive information in source code - Dependencies
Description By reversing the application dependencies, it is found that the private key has been stored in the same dependency and not in a protected environment. Impact Obtain the private key used to decrypt the information. Recommendation Securely ...
Business information leak - Financial Information
Description Business information is obtained, such as: - Mail - Payment reference and description - Total value - Product information - Collector's line of business - Payer's role Impact Obtain sensitive information to create new attack vectors. ...
Technical information leak - IPs
Description The web server exposes its internal IP through the web page response. Impact Obtain the internal IP of the server. Recommendation Remove web services that expose technical information. Threat Anonymous attacker from the Internet. ...
Technical information leak - Logs
Description The application has an HTML file that displays a log of the system. If this page is accessible to users, they will be able to learn information about the system. Impact Understand how the system works from the messages ...
Non-encrypted confidential information - Base 64
Description Base64 credentials are stored in the source code. Impact Obtain service credentials. Recommendation - Change the login credentials that were compromised. - Purge git history of affected sensitive data. - Upload sensitive data from secure ...
Automatic information enumeration - Personal Information
Description It is possible to list the information and login method of the platform's users, since a token associated with the account is not used to query the information, thus leaving open the possibility of querying the information of other users. Impact - ...
Insecure encryption algorithm - ECB
Description Encryption algorithms are handled in ECB mode, which is insecure. Impact Reverse ciphertext to find sensitive information. Recommendation Use algorithms considered cryptographically secure. Threat Authorized attacker from the internal ...
Use of an insecure channel - Cloud Infrastructure
Description Insecure communication media and channels require that application data be protected in transit. Impact - Authenticate and compromise communication channels between the client and the server. - Compromise sensitive information that travels in ...
Sensitive information sent via URL parameters - Session
Description The JWT session token is sent in the URL, which allows it to be cached in the browsing history, allowing attackers with local access to the machine to obtain it without any difficulty. Impact Obtain the user's session. Recommendation Use ...
Non-encrypted confidential information - Local data
Description Confidential Firebase data is stored in plain text in the device's local storage, allowing an attacker who has access to the physical device and bypasses the device's security mechanisms to view it without any encryption in case of theft or ...
Insecure encryption algorithm - Blowfish
Description Insecure algorithms such as Blowfish are used to encrypt the information stored in the code. Impact Decrypt the credentials that are stored encrypted with Blowfish. Recommendation Use secure algorithms such as AES or RSA. Threat ...
Excessive Privileges - Docker
Description The containers executed in the application do not properly restrict the privileges of their users, executing tasks as the root user instead of a custom user. Impact Gain total control of the container. Recommendation - Restrict the privileges ...
Insecure encryption algorithm - AES
Description The source code uses RSA/ECB/PKCS1Padding and AES/CBC/PKCS5PADDING encryption and other references use CTR or CFB which are considered insecure. Impact Decrypt the information encrypted with the algorithm because it has vulnerabilities ...
Insecure encryption algorithm - TripleDES
Description The server where the application is stored supports insecurely configured ciphers, in addition to the ECB mode considered insecure: - Data Encryption Standard (DES). Impact Reverse a summary function to find sensitive information. ...
Insecure encryption algorithm - MD5
Description The web application uses insecure algorithms such as MD5 to hash passwords. Impact Crack captured credentials easily. Recommendation Use secure hashing algorithms to store passwords, like PBKDF2. Threat Authenticated attacker from the ...
Insecure encryption algorithm - SHA1
Description The server where the application is stored supports insecure ciphers - SHA1. Impact Reverse a summary function to find sensitive information. Recommendation Use algorithms considered cryptographically secure. Threat Unauthorized attacker ...
Insecure encryption algorithm - DSA
Description The server where the application is stored supports insecure encryption. Impact Decrypt the information transmitted between the client and the server. Recommendation Use algorithms considered cryptographically secure. Threat Anonymous ...
Automatic information enumeration - Credit Cards
Description It is possible to automatically list credit card information, as the expiration date and security code are not validated. Impact List credit cards in payments. Recommendation Filter the information received for payments. Threat Attacker ...