Information Collection
Sensitive information in source code - API Key
Description The encryption key is stored in the source code in plain text and is not obtained from a secure source that guarantees its confidentiality. Impact - Generate an elaborate brute-force attack on the application's encrypted messages. - Open ...
Insecure encryption algorithm - Perfect Forward Secrecy
Description The application uses cipher algorithms that expose all messages made during the communication if the current private key is compromised. Impact Obtain sensitive information that is being transmitted or has been stored. Recommendation ...
Directory listing
Description The system displays the application's directories, allowing an attacker to know the content of the files stored on the server. Impact - Obtain technical or sensitive information of the files stored in the application's directory. - Collect ...
Metadata with sensitive information
Description The system exposes sensitive information through public metadata files. Impact - Obtain sensitive information. - Obtain information that can be used to compromise other systems. Recommendation Delete file metadata before sharing or ...
XS-Leaks
Description It is possible to use browser side-channels to obtain sensitive information from the users. Impact - Know the step in which the user is at a given moment. - Leak sensitive data of the user without authorization. Recommendation Load the ...
Non-encrypted confidential information - S3 Server Side Encryption
Description Some S3 buckets do not explicitly enable the Server-Side-Encryption (SSE) property, so the stored objects are not encrypted at rest, exposing their content to leaks by attackers or unauthorized users. Impact Compromise sensitive data ...
Insecure encryption algorithm - Cipher Block Chaining
Description The application uses algorithms with insecure cipher block chaining. Impact Exploit a cipher process vulnerability and collect sensitive information. Recommendation Use algorithms considered cryptographically secure. Threat Unauthorized ...
Insecure encryption algorithm - Anonymous cipher suites
Description The application allows connections with anonymous cipher suites. Impact Obtain sensitive information by performing a MitM attack. Recommendation Use algorithms considered cryptographically secure. Threat Unauthorized attacker from ...
Sensitive data stored in client-side storage
Description The application stores sensitive information in the client-side storage (localStorage or sessionStorage). This exposes the information to unauthorized read operations. Impact Obtain sensitive information through XSS or MitB attacks. ...
Insecurely deleted files
Description It is possible to retrieve deleted files with sensitive information because they were merely sent to the Recycle Bin or removed using insecure protocols. Impact Recover deleted files containing sensitive information through unauthorized access. ...
Business information leak - Customers or providers
Description Sensitive information such as customer or provider lists, emails, phone numbers or identifiers can be obtained from the application. Impact Obtain sensitive information to craft new attack vectors. Recommendation Implement security ...
Weak CAPTCHA
Description The system uses an insecure CAPTCHA implementation that allows the usage of optical recognition tools to automatically pass it. Impact Bypass security mechanisms to perform automated attacks. Recommendation Ensure that captchas response ...
Technical information leak - Console functions
Description The application uses console functions: log, info, warning. The usage of these functions in production environments may lead to information leaks and reveal vulnerable methods, technologies, or logic. Impact Gather technical ...
Sensitive information stored in logs
Description The system stores sensitive information such as credentials, bank accounts and file paths in log files. Impact Obtain sensitive information that may compromise system resources. Recommendation Verify that the information stored in logs is ...
Exposed administrative services
Description One or more of the system's administration consoles are exposed (possibly on the internet), which may lead to unauthorized access attempts. Impact Attempt to access the administrative site. Recommendation Restrict the access to the ...
Insecure encryption algorithm
Description The application uses insecure encryption algorithms. Impact - Reverse the ciphertext and collect sensitive information. - Tamper with protected data by exploiting algorithm collisions. Recommendation Use algorithms considered cryptographically ...
Automatic information enumeration
Description It is possible to automatically enumerate system information such as open ports, available services and users' personal data. Impact - Obtain information from internal users. - Obtain account information from partners and suppliers. ...
Missing secure obfuscation - APK
Description It is possible to obtain the source code of the application because it has not been obfuscated using a secure mechanism. This could allow an attacker to understand the inner workings of the application or get technical or sensitive ...
Exposed web services
Description The system's WSDL file contains sensitive information and is exposed to a larger audience than required. Impact - Obtain information from the application services. - Expand the attack surface. Recommendation Restrict access to /_vti_bin ...
Business information leak
Description It is possible to obtain business information, such as: - Username list - Strategic information - Employee information - Client information - Provider information Impact Obtain sensitive information to create new attack vectors. ...
Technical information leak
Description It is possible to obtain technical information such as: - System component versions (HTTP headers, service banner, etc.) - Specific information about the configuration of server components (php.ini, web.config) Impact Obtain technical ...
ViewState not encrypted
Description The state information of application forms that is stored in the ViewState is not encrypted. Impact Leak app state information through the ViewState value. Recommendation Encrypt the ViewState in the application configuration. Threat ...
Sensitive information sent via URL parameters
Description The system sends sensitive information via URL parameters using the GET method. These parameters are: - Stored in clear text in the browser history. - Sent to external sites via the referrer HTTP header. - Sent to external sites via the ...
Insecure temporary files
Description The system uses temporary files to store sensitive information. Alternatively, the system deploys sensitive temporary files to the production environment. Impact Steal server secrets. Recommendation Avoid saving sensitive information in ...
User enumeration
Description The system provides different responses for existent and non-existent users, allowing an attacker to enumerate valid users via error messages, response times, frames count, among other techniques. Impact Obtain valid application ...
Call interception
Description It is possible to intercept calls made using the VoIP platform because the communication is not encrypted. Impact Get call information. Recommendation Configure the channel with TLS or SRTP and TLS, or configure a firewall to cipher ...
Use of an insecure channel
Description The system transmits information through a channel without encryption. Impact Capture confidential information and credentials in plain text. Recommendation Deploy the application over an encrypted communication channel, for instance, ...
Non-encrypted confidential information
Description Confidential information is stored in plain text allowing an attacker to view it without any type of encryption. Impact Obtain sensitive information that may compromise system resources. Recommendation Encrypt all sensitive information ...
Administrative credentials stored in cache memory
Description It is possible to retrieve administrative credentials from the system's cache memory. Impact Obtain functional credentials for privileged users. Recommendation Avoid storing sensitive information in temporary files or cache. Threat ...
Sensitive information sent insecurely
Description The system sends sensitive information through a channel or method which does not guarantee its confidentiality or integrity. Impact Compromise sensitive information traveling in an insecure channel. Recommendation Guarantee that ...
Insecure encryption algorithm - SSL/TLS
Description The server allows the usage of insecure TLS protocol versions. Impact Compromise sensitive information that travels between client and server. Recommendation Update TLS protocol to version TLSv1.2 or TLSv1.3 if possible. Threat ...
Use of software with known vulnerabilities
Description The system uses the version of a software or dependency with known vulnerabilities. Impact Exploit found vulnerabilities in the affected components. Recommendation Update the affected software to the versions recommended by the vendor. ...
Sensitive information in source code
Description The source code repository contains sensitive information such as usernames, passwords, email addresses and IP addresses, among others. Alternatively, while values may be password=123 or aws.secret_key=test, they reveal the bad practice of ...