Knowledge Base - Issues

Our knowledge-base provides a comprehensive collection of information on vulnerabilities related to cyber security.
Accessibility of systems unrelated to the organization within the internal network refers to a situation in which systems or devices that do not belong to the organization (for example a supplier's, a tenant's or a visitor's equipment) can connect to and reach resources or services on the organization's internal network. This vulnerability typically results from misconfigurations, weak...

/ Active Directory - Blank passwords

A blank password can be set on an account that has the PASSWD_NOTREQD flag in its userAccountControl attribute; the flag exempts that account from the domain password policy, including the minimum length. It can be set at account creation or when an administrator resets the password. The 'User must change password at next logon' option is not affected by this...
Remote access to the Spooler service on the domain controller is a security issue in which the Print Spooler service running on an Active Directory domain controller (DC) is reachable over the network from unauthorised hosts or devices. The Print Spooler service is responsible for managing print jobs in Windows environments,...

/ ASP.NET Debugging Enabled

ASP.NET debugging enabled is a configuration management vulnerability (CWE-11: ASP.NET Misconfiguration: Creating Debug Binary) that occurs in web and API applications. It occurs when `<compilation debug="true">` is left in the production web.config, so error pages and responses carry debugging information (stack traces, source line numbers, compiler output) that helps an attacker map and exploit the web application. According to the OWASP Testing Guide, "Debugging information can provide an...
Browser cross-site scripting filter disabled is a vulnerability that falls under the Web and API category. The server sends `X-XSS-Protection: 0`, instructing the browser to switch off its reflected cross-site scripting filter, so a reflected payload that the filter would otherwise have caught can execute in the user's browser. Cross-site scripting filters are used to prevent malicious scripts...
No X-XSS-Protection header was set in the response, so the browser falls back to its default behaviour; in browsers that still ship the filter, that default detects a reflected attack but does not stop the page from rendering (the `1; mode=block` setting would). Note that Chrome and Edge have removed the filter altogether and Firefox never implemented it, so a Content Security Policy is the control that actually matters today. ## Risk Cross-site scripting (XSS) filters in browsers check whether the URL contains possibly harmful XSS payloads that are reflected in the response page....

/ Check Point Firewall Compliance

Compliance checks for Check Point Firewall

/ Content Sniffing Not Disabled

Content sniffing not disabled is a configuration management vulnerability that occurs in web and API applications. The response lacks the `X-Content-Type-Options: nosniff` header, so the browser may ignore the declared Content-Type and infer the type from the body (MIME sniffing); a file the server meant to deliver as plain text or an image can then be interpreted as HTML or script. Content sniffing not disabled can allow...

/ Content Type Incorrectly Stated

Content type incorrectly stated is a configuration management vulnerability in web and API applications. It occurs when the Content-Type header of a response does not match the actual body, for example JSON, XML or an uploaded file served as text/html, or HTML served as text/plain. This can be dangerous...

/ Content Type Is Not Specified

Content type is not specified is a configuration management vulnerability in web and API applications. It occurs when a response carries no Content-Type header at all, leaving the browser to guess how to interpret the body. If a content type is not specified, the...

/ Cookie Issued to Parent Domain

Cookie issued to parent domain is a web application vulnerability in the configuration management category. It occurs when a cookie is set with a Domain attribute naming a parent of the issuing host (for example Domain=example.com set by app.example.com), so the browser also sends the cookie to every other subdomain. A compromise of, or XSS on, any sibling subdomain then exposes the cookie, and a sibling can also overwrite it (cookie injection). This type of issue can be used to...

/ Cross-Domain Post

Cross-domain POST is a configuration management issue found in web applications and APIs. It is reported when a form on the application submits via POST to a different domain, so the data the user enters (possibly including credentials or personal data) is sent to a third party whose security the application does not control; malicious actors can also use such requests to send data across domains without the user's knowledge. This type...

/ Default administrator account

An active default administrator account represents a security vulnerability when it is not properly managed or secured. Default administrator accounts often come with preset credentials and settings, making them attractive targets for attackers. ## Risk Attackers may exploit default administrator accounts to gain unauthorized access to systems or applications, potentially leading to...

/ Default Software Page

The disclosure of a default software page vulnerability occurs when an application or software system inadvertently exposes its default or administrative pages to users or external parties. These default pages are typically intended for internal use, testing, or administrative purposes, and their exposure can reveal sensitive information about the software...

/ Duplicate Cookies Set

Duplicate cookies set is a configuration management vulnerability that occurs in web and API applications. It occurs when two or more Set-Cookie headers in a response use the same cookie name, typically with different values or a different Path or Domain scope, so which value the client sends back depends on browser ordering rules rather than on the application. This ambiguity can be exploited to hijack a...

/ Exposure of .git directory

The exposure of a `.git` directory, which is commonly used by version control systems like Git, represents a significant security vulnerability. The .git directory contains sensitive information about the versioned code, including the entire history of changes, configuration files, and potentially credentials. ## Risk - Source Code Exposure: Exposure of source code...
External Control of System or Configuration Setting (CWE-15) is a vulnerability that occurs when an external user is able to manipulate the system or configuration settings of a system. This type of vulnerability is typically found in web and API applications, as well as in infrastructure components, such as servers...

/ Flash Cross-Domain Policy

Flash cross-domain policy is a vulnerability that affects web and API applications. It corresponds to CWE-942: Permissive Cross-domain Policy with Untrusted Domains, and arises when the site's crossdomain.xml file allows access from domains it does not trust, for example `<allow-access-from domain="*"/>`; a Flash application served from any origin can then make requests with the victim's cookies and read the responses. It occurs when a web application or API allows a malicious user to send unrestricted cross-domain requests to a...

/ HTML Does Not Specify Charset

HTML does not specify charset is a configuration management vulnerability which occurs in web and API applications. The response declares no character encoding, neither in the Content-Type header (`text/html; charset=utf-8`) nor in a `<meta charset>` tag, so the browser has to guess the encoding and may interpret the page with the wrong one. This can lead to unexpected characters...

/ HTML Uses Unrecognized Charset

Applications may specify a non-standard character set as a result of typographical errors within the code base, or because of intentional usage of an unusual character set that is not universally recognized by browsers. If the browser does not recognize the character set specified by the application, then the browser...

/ HTML5 Web Message Manipulation

HTML5 web message manipulation is a vulnerability in the way a page handles messages received through the HTML5 web messaging API (window.postMessage), which passes data between windows and frames, not between client and server. It occurs when a message event handler acts on event.data without checking event.origin, so any page that can obtain a reference to the window (for example by framing it or opening it) can send it arbitrary messages; if the handler writes the data into the DOM or uses it for a security decision, this leads to DOM-based cross-site scripting or to redirecting users to malicious...
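The weak and the hardened receiver described above, as an added example that is not part of the knowledge base entry. The handlers take a plain `{origin, data}` object standing in for a browser MessageEvent so they can be exercised outside a browser; in a page they would be registered with `window.addEventListener("message", handler)`. The trusted origin and the message shape (`type`/`text`) are assumptions for the example.

```javascript
// Added example: postMessage receiver without an origin check beside a hardened one.
// TRUSTED_ORIGIN and the {type, text} message shape are assumptions for this demo.
const TRUSTED_ORIGIN = "https://app.example.com";

// Vulnerable: acts on a message from any origin and treats its data as HTML.
function vulnerableHandler(event, dom) {
  dom.innerHTML = event.data.html; // attacker-controlled origin -> DOM XSS
  return true;
}

// Hardened: exact origin comparison, shape validation, no innerHTML.
function hardenedHandler(event, dom) {
  if (event.origin !== TRUSTED_ORIGIN) return false; // never use indexOf/startsWith here
  if (typeof event.data !== "object" || event.data === null) return false;
  if (event.data.type !== "status" || typeof event.data.text !== "string") return false;
  dom.textContent = event.data.text; // text, never markup
  return true;
}

// Sender side: name the target origin explicitly; "*" would deliver the data to
// whatever page currently occupies the target window.
function sendStatus(targetWindow, text) {
  targetWindow.postMessage({ type: "status", text }, TRUSTED_ORIGIN);
}

// Constructed messages standing in for real MessageEvents.
const evil = {
  origin: "https://attacker.example",
  data: { html: "<img src=x onerror=alert(1)>", type: "status", text: "x" },
};
const good = { origin: TRUSTED_ORIGIN, data: { type: "status", text: "ready" } };

const dom = { innerHTML: "", textContent: "" };
console.log("vulnerable accepted attacker message:", vulnerableHandler(evil, dom));
console.log("hardened rejected attacker message:", !hardenedHandler(evil, dom));
console.log("hardened accepted trusted message:", hardenedHandler(good, dom), dom.textContent);
```

The origin check must be an exact string comparison: `event.origin.indexOf("example.com") !== -1` is a common mistake that `https://example.com.attacker.example` satisfies.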

/ HTTP Put Method Is Enabled

HTTP PUT method is enabled is a configuration management vulnerability (CWE-650: Trusting HTTP Permission Methods on the Server Side) that allows an attacker to modify existing web resources or create new ones on the web server. It can be exploited to upload malicious files (for example a web shell) or to modify data on a vulnerable server. The vulnerability is categorized as a Security...

/ HTTP traffic

An open HTTP port represents a vulnerability when not properly secured. Port 80 is commonly associated with HTTP traffic, and leaving it open without adequate protection can expose a system to various security risks. ## Risk Open HTTP traffic allows data to be transmitted without encryption, exposing sensitive information to potential eavesdropping...
The Pre-Windows 2000 Compatible Access (Pre-Win2k Comp-Access) group in Active Directory is a legacy group that provides backward compatibility for older systems. This group is designed to grant permissions to pre-Windows 2000 operating systems, allowing them to access resources in an Active Directory environment. However, a vulnerability has been identified...

/ Missing Content Security Policy

Missing Content Security Policy (CSP) is a configuration management vulnerability that is listed as a Web and API issue in the OWASP Testing Guide. In a nutshell, this vulnerability occurs when an application does not have a...

/ Multiple Content Types Specified

Multiple content types specified is a configuration management vulnerability which occurs when a response declares its content type more than once and the declarations disagree, for example two Content-Type headers, or a Content-Type header that conflicts with a `<meta http-equiv="Content-Type">` tag in the body. Browsers resolve the conflict in different ways, so an attacker may be able to get part of a response interpreted as HTML or script, which can lead to Cross-Site Scripting (XSS) and other malicious activities. According...

/ Objects with Passwords that Never Expire

This refers to user accounts, service accounts, or other objects within an organization's IT infrastructure that have passwords set to never expire. These objects could include user accounts, privileged accounts, or system service accounts. When passwords for these objects are not subject to periodic expiration, it poses a security risk...

/ Old TLS Version Enabled

Old TLS version enabled is a vulnerability in the Configuration Management of Web and API applications, as well as Infrastructure. TLS 1.0 and TLS 1.1 are formally deprecated (RFC 8996), and SSL 2.0 and 3.0 were retired long before them. This vulnerability can occur when an old version of the Transport Layer Security (TLS) protocol is enabled on a system, allowing an adversary to exploit known vulnerabilities associated with the...

/ Open and exposed database(s)

Direct database access via the internet refers to the ability to interact with a database directly over the internet without the use of secure protocols or layers of protection. This often involves exposing database ports or services to the public internet, making it susceptible to various security threats. ## Risk - Unauthorized...

/ Password Field with Autocomplete Enabled

Password field with autocomplete enabled is a configuration management issue. It occurs when a password input does not set `autocomplete="off"`, so the browser's password manager may offer to store the credential and fill it in when the user returns to the page, which matters on shared or unattended machines. Note that current browsers largely ignore `autocomplete="off"` on login fields, so the finding is mostly informational. This can be a security...

/ Path-Relative Style Sheet Import

Path-relative style sheet import (CWE-16) is a configuration management vulnerability in web and API applications. A page loads a style sheet with a relative path (`href="styles/main.css"` rather than `/styles/main.css`), so an attacker who gets a victim to open the page under a manipulated path (for example an extra path segment that the server ignores) makes the browser request the page itself as the style sheet; if that response is served without `X-Content-Type-Options: nosniff` and the attacker controls some reflected text in it, the text is parsed as CSS and can be used to steal sensitive data. This vulnerability is described in detail...
This vulnerability pertains to privileged user accounts that are not appropriately marked as 'sensitive and not allowed for delegation' within an organization's authentication and authorization systems. Privileged users typically have elevated access privileges, granting them extensive control over critical systems, sensitive data, and network infrastructure. Failure to designate these accounts...
The Quote of the Day (QOTD) service is a simple network service that provides a server with a quote or a piece of information when a client connects to it. The service operates on UDP port 17 or TCP port 17. QOTD is part of the Internet protocol suite and...

/ Referer-Dependent Response

Referer-dependent response is a configuration management vulnerability that occurs in Web and API applications, where the server responds differently depending on the Referer request header. Because the Referer is set by the client and can be forged or suppressed, it must not be used for access-control decisions, and behaviour that changes with it suggests the application is doing so. It is a vulnerability where the server is configured to respond differently to requests...

/ SMB Shares Unprivileged Access

SMB (Server Message Block) Shares Unprivileged Access refers to unauthorized access to shared resources on a network that are using the SMB protocol, often without requiring administrative or privileged credentials. SMB is a network file-sharing protocol commonly used in Windows environments. ## Risk Attackers may gain access to sensitive files and...

/ SSL/TLS Cookie without HttpOnly Flag

SSL/TLS cookie without HttpOnly flag is a configuration management vulnerability (CWE-1004: Sensitive Cookie Without 'HttpOnly' Flag) in which a cookie, even one transmitted only over an encrypted SSL/TLS connection, can be read by client-side script, so a single cross-site scripting flaw is enough to steal it. It is present when web and API applications do not set the HttpOnly flag on sensitive cookies, which prevents the cookie from...

/ SSL/TLS Cookie without Secure Flag

SSL/TLS cookie without Secure flag is a vulnerability that occurs when an application served over SSL/TLS sets a cookie without the Secure attribute, so the browser will also send it over plain HTTP (for example when an attacker induces a request to http://host/), exposing it in clear text on the network. This is a configuration management vulnerability, classified in the CWE directory as CWE-614. The OWASP...
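One way to check the four cookie issues above (parent-domain scope, duplicate names, missing HttpOnly, missing Secure) from captured Set-Cookie headers, as an added example rather than the knowledge base's own tooling. The header lines are constructed for the demonstration and the issuing host is assumed to be app.example.com.

```javascript
// Added example: audit Set-Cookie headers for over-broad Domain scope, duplicate
// names and missing HttpOnly/Secure flags. Sample headers are constructed; the
// host name is an assumption.

// Minimal Set-Cookie parser: name=value, then ;-separated attributes (case-insensitive).
function parseSetCookie(header) {
  const parts = header.split(";").map((p) => p.trim());
  const eq = parts[0].indexOf("=");
  const name = eq === -1 ? parts[0] : parts[0].slice(0, eq);
  const value = eq === -1 ? "" : parts[0].slice(eq + 1);
  const attrs = {};
  for (const p of parts.slice(1)) {
    const i = p.indexOf("=");
    const k = (i === -1 ? p : p.slice(0, i)).toLowerCase();
    attrs[k] = i === -1 ? true : p.slice(i + 1);
  }
  return { name, value, attrs };
}

// host: the host that issued the response; overHttps: whether it was served over TLS.
function auditCookies(headers, host, overHttps = true) {
  const findings = [];
  const seen = new Map();
  for (const h of headers) {
    const c = parseSetCookie(h);
    const domain =
      typeof c.attrs.domain === "string" ? c.attrs.domain.replace(/^\./, "").toLowerCase() : null;
    // Domain names a parent of the issuing host: every sibling subdomain receives the cookie.
    if (domain && domain !== host && host.endsWith("." + domain)) {
      findings.push({ cookie: c.name, issue: "issued to parent domain " + domain });
    }
    if (!("httponly" in c.attrs)) findings.push({ cookie: c.name, issue: "missing HttpOnly" });
    if (overHttps && !("secure" in c.attrs)) findings.push({ cookie: c.name, issue: "missing Secure" });
    // Same name set twice in one response: the client's choice of value is browser-dependent.
    if (seen.has(c.name)) findings.push({ cookie: c.name, issue: "duplicate cookie name" });
    seen.set(c.name, c);
  }
  return findings;
}

// Constructed headers: the first session cookie shows all three flag/scope issues,
// the second duplicates its name, the csrf cookie is set correctly.
const SAMPLE_HEADERS = [
  "session=abc123; Domain=.example.com; Path=/",
  "session=def456; Path=/; Secure; HttpOnly",
  "csrf=tok; Path=/; Secure; HttpOnly; SameSite=Strict",
];

console.log(auditCookies(SAMPLE_HEADERS, "app.example.com"));
```

The leading dot in `Domain=.example.com` is ignored by modern browsers (RFC 6265), so the parser strips it before comparing; a cookie whose Domain equals the issuing host, or that has no Domain attribute at all, is host-only and is not flagged.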
The application cannot prevent users from connecting to it over unencrypted connections. Without the Strict-Transport-Security header, or with a misconfigured one, an attacker who is able to modify a legitimate user's network traffic could bypass the application's use of SSL/TLS encryption and use the application as a platform for attacking...

/ Strict Transport Security Not Enforced

Strict-Transport-Security (STS) is a web security policy mechanism which helps to protect websites against protocol downgrade attacks and cookie hijacking. It allows web servers to declare that web browsers should only interact with it using secure HTTPS connections and never via the insecure HTTP protocol. A configuration management vulnerability occurs...

/ TLS Certificate

TLS Certificate is a type of vulnerability that relates to Configuration Management and occurs when an organization is not properly managing its TLS certificates, for example certificates that are expired, self-signed, issued for a different host name or signed with a weak algorithm. This vulnerability is classified as CWE-295: Improper Certificate Validation (https://cwe.mitre.org/data/definitions/295.html) and is also mentioned in the OWASP Testing Guide v4 (https://owasp.org/www-project-web-security-testing-guide/). TLS Certificates are used to...

/ User Agent-Dependent Response

User agent-dependent response is a type of configuration management vulnerability (CWE-16) that can occur in web and API applications. It occurs when a web application or API server responds differently to requests based on the user agent string sent by the client. This can lead to information disclosure, or allow...
By default, any authenticated user, privileged or not, can join up to ten computers to the domain (governed by the ms-DS-MachineAccountQuota attribute on the domain object, which defaults to 10). Each join creates a new computer account in Active Directory. ## Risk If the corresponding computer later becomes sensitive, e.g. by holding critical company information, it...

/ Version Disclosure

Version disclosure is a security vulnerability that occurs when an application or system unintentionally reveals information about its version number or specific components to potential attackers. This information can be exploited by malicious actors to identify known vulnerabilities associated with that particular version, aiding them in crafting targeted attacks. ## Risk The...
The vulnerability arises from the accumulation of a significant number of inactive objects within an Active Directory environment. Inactive objects refer to user accounts, computer accounts, groups, and other directory entities that are no longer actively in use but have not been properly managed or removed from the directory. These...

/ Weak Content Security Policy (CSP)

Weak Content Security Policy (CSP) is a vulnerability found in web and API configurations that can lead to serious security issues. It falls under Security Misconfiguration (A05:2021 in the OWASP Top 10), typically because the policy allows `'unsafe-inline'`, `'unsafe-eval'` or wildcard sources for scripts. CSP is a security feature of web browsers that allows websites to control the resources that...
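A response-header audit covering the entries above on content sniffing, missing charset, missing and weak CSP and Strict Transport Security, as an added example that is not the knowledge base's own tooling. The two header sets are constructed; the thresholds (one year for HSTS, the list of weak script sources) are assumptions following common hardening guidance.

```javascript
// Added example: audit one response's security headers. Input is a constructed
// header map; thresholds and the weak-source list are assumptions.
const ONE_YEAR = 31536000;

// Parse a CSP value into { directiveName: [sources...] }.
function parseCSP(value) {
  const directives = {};
  for (const part of value.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    directives[tokens[0].toLowerCase()] = tokens.slice(1);
  }
  return directives;
}

function auditHeaders(headers) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = v;
  const findings = [];

  // Content Security Policy: missing, or script sources that defeat its purpose.
  const cspValue = h["content-security-policy"];
  if (!cspValue) {
    findings.push("missing Content-Security-Policy");
  } else {
    const csp = parseCSP(cspValue);
    const scriptSrc = csp["script-src"] || csp["default-src"];
    if (!scriptSrc) {
      findings.push("CSP has neither script-src nor default-src");
    } else {
      const weak = ["*", "'unsafe-inline'", "'unsafe-eval'", "data:", "http:", "https:"];
      for (const w of weak) {
        if (scriptSrc.includes(w)) findings.push(`weak CSP: script allowed from ${w}`);
      }
    }
  }

  // Strict-Transport-Security: missing, short max-age, or not covering subdomains.
  const hsts = h["strict-transport-security"];
  if (!hsts) {
    findings.push("missing Strict-Transport-Security");
  } else {
    const m = /max-age=(\d+)/i.exec(hsts);
    const age = m ? parseInt(m[1], 10) : 0;
    if (age < ONE_YEAR) findings.push(`HSTS max-age too short (${age})`);
    if (!/includeSubDomains/i.test(hsts)) findings.push("HSTS without includeSubDomains");
  }

  // Content sniffing and character set.
  if ((h["x-content-type-options"] || "").toLowerCase() !== "nosniff") {
    findings.push("X-Content-Type-Options: nosniff not set");
  }
  const ct = h["content-type"] || "";
  if (!ct) findings.push("missing Content-Type");
  else if (/^text\/html/i.test(ct) && !/charset=/i.test(ct)) findings.push("HTML response without charset");

  return findings;
}

// Constructed header sets: one with the weak settings, one corrected.
const WEAK = {
  "Content-Type": "text/html",
  "Content-Security-Policy": "default-src 'self'; script-src 'self' 'unsafe-inline' https:",
  "Strict-Transport-Security": "max-age=300",
};
const HARDENED = {
  "Content-Type": "text/html; charset=utf-8",
  "Content-Security-Policy":
    "default-src 'none'; script-src 'self'; style-src 'self'; img-src 'self'; base-uri 'none'; frame-ancestors 'none'",
  "Strict-Transport-Security": "max-age=63072000; includeSubDomains; preload",
  "X-Content-Type-Options": "nosniff",
};

console.log("weak:", auditHeaders(WEAK));
console.log("hardened:", auditHeaders(HARDENED));
```

`https:` as a script source is flagged deliberately: it permits any HTTPS host, which includes every CDN that hosts a JSONP endpoint or an Angular build an attacker can reuse. Hash- or nonce-based allow lists are the usual replacement for `'unsafe-inline'`.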

/ Weak JWT HMAC Secret

A weak JSON Web Token (JWT) HMAC secret vulnerability occurs when an organization uses a poorly chosen or easily guessable secret key to sign and verify JWTs. JWTs are commonly used for securely transmitting data between parties, and HMAC (Hash-based Message Authentication Code) is a widely used algorithm for signing...
The remote web server contains web pages that are protected by 'Basic' authentication over HTTPS. ## Risk While this is not in itself a security flaw, in some organizations, the use of 'Basic' authentication is discouraged as, depending on the underlying implementation, it may be vulnerable to account brute-forcing or may encourage...

/ WPA2 with a Pre-shared Key

WPA2 (Wi-Fi Protected Access 2) with a pre-shared key (PSK) is a widely used security protocol for securing wireless networks. However, it has a notable weakness: the 4-way handshake can be captured passively (or provoked by deauthenticating a client) and the PSK then recovered offline by dictionary or brute-force attack, with no further interaction with the network. When a single, static PSK is shared among multiple users or remains unchanged for extended periods, it can become susceptible to brute force attacks...

/ WSUS Misconfiguration

Windows Server Update Services (WSUS) is a crucial tool for managing and distributing updates within a Windows environment. However, when configured with unencrypted HTTP instead of HTTPS, WSUS becomes vulnerable to several security risks. HTTP transmits data in plain text, making it susceptible to interception and manipulation by malicious actors. When...