Knowledge Base - Issues
Our knowledge-base provides a comprehensive collection of information on vulnerabilities related to cyber security.The vulnerability concerning the accessibility of systems unrelated to the organization within the internal network refers to a situation where external systems or devices not belonging to the organization can connect to and access resources or services within the organization's internal network. This vulnerability may occur due to misconfigurations, weak...
A blank password can be specified for an account with the PASSWD_NOTREQD option. This option is set through the account's UserAccountControl attribute. This is possible during account creation or when the password is reset by an administrator.
The 'User must change password at next logon' option is not affected by this...
Remote access to the Spooler service from the domain controller presents a security issue where the Print Spooler service on an Active Directory domain controller (DC) is exposed to remote access from external sources or unauthorised devices. The Print Spooler service is responsible for managing print jobs in Windows environments,...
ASP.NET debugging enabled is a configuration management vulnerability (CWE-534) that occurs in web and API applications. It occurs when ASP.NET debugging is enabled in a production environment, allowing attackers to access debugging information and potentially exploit the web application. According to the OWASP Testing Guide, "Debugging information can provide an...
Browser cross-site scripting filter disabled is a vulnerability that falls under Web and API category. This vulnerability allows malicious code to be executed in the user’s browser, as the browser is instructed by the server to disable the cross-site scripting filter. Cross-site scripting filters are used to prevent malicious scripts...
No X-XSS-Protection header was set in the response. This means that the browser uses default behavior that detection of a cross-site scripting attack never prevents rendering.
Cross-site scripting (XSS) filters in browsers check if the URL contains possible harmful XSS payloads and if they are reflected in the response page. If...
Compliance checks for Check Point Firewall
Content Sniffing not disabled is a Configuration Management vulnerability that occurs in Web and API applications. It is a type of attack that attempts to exploit potential security flaws in web applications by exploiting the client's ability to interpret data sent from the server. Content Sniffing not disabled can allow...
Content type incorrectly stated, also known as CWE-200, is a type of vulnerability related to configuration management in web and API applications. It occurs when an application incorrectly states the content type of a response when the content type is not correctly given by the application. This can be dangerous...
Content type is not specified is a vulnerability that falls under the category of Configuration Management in the Common Weakness Enumeration (CWE) directory (CWE-20). This vulnerability occurs when there is no content type specified for data sent via Web and API requests. If a content type is not specified, the...
Cookie issued to parent domain is a web application vulnerability in the configuration management category (CWE-20). The vulnerability occurs when a cookie is issued to a parent domain, allowing the cookie to be accessed in the parent domain or other subdomains. This type of cookie injection can be used to...
Cross-domain POST is a type of IT vulnerability which falls under the category of Configuration Management. This vulnerability is primarily found in web applications and APIs, and is defined as the ability to send a request from one domain to another, which is often done by malicious actors. This type...
An active default administrator account represents a security vulnerability when it is not properly managed or secured. Default administrator accounts often come with preset credentials and settings, making them attractive targets for attackers.
Attackers may exploit default administrator accounts to gain unauthorized access to systems or applications, potentially leading to data...
The disclosure of a default software page vulnerability occurs when an application or software system inadvertently exposes its default or administrative pages to users or external parties. These default pages are typically intended for internal use, testing, or administrative purposes, and their exposure can reveal sensitive information about the software...
Duplicate cookies set, also known as CWE-614, is a configuration management vulnerability that occurs in web and API applications. It occurs when two or more cookies are set with the same name and different values, resulting in different responses from the server. This vulnerability can be exploited to hijack a...
The exposure of a `.git` directory, which is commonly used by version control systems like Git, represents a significant security vulnerability. The .git directory contains sensitive information about the versioned code, including the entire history of changes, configuration files, and potentially credentials.
- Source Code Exposure: Exposure of source code can...
External Control of System or Configuration Setting (CWE-908) is a vulnerability that occurs when an external user is able to manipulate the system or configuration settings of a system. This type of vulnerability is typically found in web and API applications, as well as in infrastructure components, such as servers...
Flash cross-domain policy is an IT vulnerability that affects web and API applications. According to the Common Weakness Enumeration (CWE) directory, this vulnerability is classified as CWE-918: Server-Side Request Forgery (SSRF). It occurs when a web application or API allows a malicious user to send unrestricted cross-domain requests to a...
HTML does not specify charset is a configuration management vulnerability (CWE-721) which occurs in web and API applications. This vulnerability does not specify a charset in the header of a web page, which can lead to the page being interpreted with the wrong encoding. This can lead to unexpected characters...
Applications may specify a non-standard character set as a result of typographical errors within the code base, or because of intentional usage of an unusual character set that is not universally recognized by browsers. If the browser does not recognize the character set specified by the application, then the browser...
HTML5 Web Message Manipulation (CWE-734) is a type of vulnerability in which an attacker intercepts and manipulates web messages sent between a client and a server. This vulnerability occurs in web and API services, allowing an attacker to alter web messages sent over HTTP or HTTPS, redirecting users to malicious...
HTTP PUT method is enabled vulnerability is a Configuration Management vulnerability (CWE-264) that allows an attacker to modify existing web resources or create new resources via web server. It can be exploited to create malicious files or modify data on a vulnerable server. The vulnerability is categorized as a Security...
An open HTTP port represents a vulnerability when not properly secured. Port 80 is commonly associated with HTTP traffic, and leaving it open without adequate protection can expose a system to various security risks.
Open HTTP traffic allows data to be transmitted without encryption, exposing sensitive information to potential eavesdropping and...
IP Forwarding Enabled is a security weakness that allows attackers to route packets through the vulnerable host, potentially allowing to bypass some firewalls, routers or NAC filtering. Unless the host is a router, it is recommended to disable IP forwarding.
Attackers may use hosts with enabled IP Forwarding to traverse network...
The Pre-Windows 2000 Compatible Access (Pre-Win2k Comp-Access) group in Active Directory is a legacy group that provides backward compatibility for older systems. This group is designed to grant permissions to pre-Windows 2000 operating systems, allowing them to access resources in an Active Directory environment. However, a vulnerability has been identified...
Missing Content Security Policy (CSP) is a configuration management vulnerability. In a nutshell, this vulnerability occurs when an application does not have a defined Content Security Policy (CSP), which is a security mechanism that enables web browser to control over what resources a web page can load.
Having a missing CSP...
Multiple content types specified (CWE-20) is a vulnerability which occurs when a web application or API is configured to accept multiple content types, but not all content types are valid or secure. This vulnerability may lead to attacks such as Cross-Site Scripting (XSS), SQL injection, and other malicious activities. According...
This refers to user accounts, service accounts, or other objects within an organization's IT infrastructure that have passwords set to never expire. These objects could include user accounts, privileged accounts, or system service accounts. When passwords for these objects are not subject to periodic expiration, it poses a security risk...
Old TLS version enabled is a vulnerability in the Configuration Management of Web and API applications, as well as Infrastructure. This vulnerability can occur when an old version of the Transport Layer Security (TLS) protocol is enabled on a system, allowing an adversary to exploit known vulnerabilities associated with the...
Direct database access via the internet refers to the ability to interact with a database directly over the internet without the use of secure protocols or layers of protection. This often involves exposing database ports or services to the public internet, making it susceptible to various security threats.
- Unauthorized Access:...
Password field with autocomplete enabled is a vulnerability related to Configuration Management (CWE-327). It occurs when the web application or API stores user passwords in the web browser's local storage, allowing the browser to autocomplete the password field when the user visits the page again. This can be a security...
Path-relative style sheet import (CWE-16) is a vulnerability related to configuration management in web and API applications. It is a type of vulnerability that allows attackers to inject malicious code in a style sheet, which can in turn be used to steal sensitive data. This vulnerability is described in detail...
This vulnerability pertains to privileged user accounts that are not appropriately marked as 'sensitive and not allowed for delegation' within an organization's authentication and authorization systems. Privileged users typically have elevated access privileges, granting them extensive control over critical systems, sensitive data, and network infrastructure. Failure to designate these accounts...
The Quote of the Day (QOTD) service is a simple network service that provides a server with a quote or a piece of information when a client connects to it. The service operates on UDP port 17 or TCP port 17. QOTD is part of the Internet protocol suite and...
Referer-dependent response is an IT vulnerability related to configuration management. It is listed in the Common Weakness Enumeration (CWE) directory under CWE-601: URL Redirection to Untrusted Site (‘Open Redirect’). It is a vulnerability that occurs in Web and API applications, where the server is configured to respond differently to requests...
SMB (Server Message Block) Shares Unprivileged Access refers to unauthorized access to shared resources on a network that are using the SMB protocol, often without requiring administrative or privileged credentials. SMB is a network file-sharing protocol commonly used in Windows environments.
Attackers may gain access to sensitive files and data stored...
SSL/TLS Cookie without HttpOnly Flag is a configuration management vulnerability (CWE-1004) that allows an attacker to access sensitive cookies. This vulnerability is present when web and API applications are not configured to use the HttpOnly flag on cookies, which prevents the cookie from being accessed by JavaScript. This vulnerability can...
SSL/TLS Cookie without secure flag is a vulnerability that occurs when an application sets an SSL/TLS cookie without the secure flag set, allowing the cookie being sent in clear text over an unsecured connection. This is a configuration management vulnerability, classified in the CWE directory as CWE-614 (Sensitive Cookie in...
The application cannot prevent users from connecting to it via unencrypted connections. Without this header or a misconfigured header, an attacker who is able to modify the network traffic of a legitimate user could bypass the application's use of SSL/TLS encryption and use the application as a platform for attacking...
HTTP Strict-Transport-Security (HSTS) is a web security policy mechanism which helps to protect websites against protocol downgrade attacks and cookie hijacking. It allows web servers to declare that web browsers should only interact with it using secure HTTPS connections and never via the insecure HTTP protocol. A configuration management vulnerability...
TLS Certificate is a type of vulnerability that relates to Configuration Management and occurs when an organization is not properly managing their TLS Certificates. This vulnerability is classified as CWE-295: Improper Certificate Validation (https://cwe.mitre.org/data/definitions/295.html) and is also mentioned in the OWASP Testing Guide v4 (https://owasp.org/www-project-web-security-testing-guide/). TLS Certificates are used to...
User agent-dependent response is a type of configuration management vulnerability (CWE-16) that can occur in web and API applications. It occurs when a web application or API server responds differently to requests based on the user agent string sent by the client. This can lead to information disclosure, or allow...
By default, any user, privileged or not, can join one computer or more to the domain. By doing this, the creation of a new computer account in the Active Directory is triggered.
If the corresponding computer would become sensitive, e.g. by holding critical information from the company for example, it becomes...
Version disclosure is a security weakness that occurs when an application or system unintentionally reveals information about its version number or specific components to potential attackers. This information can be exploited by malicious actors to identify known vulnerabilities associated with that particular version, aiding them in crafting targeted attacks.
The risk...
The vulnerability arises from the accumulation of a significant number of inactive objects within an Active Directory environment. Inactive objects refer to user accounts, computer accounts, groups, and other directory entities that are no longer actively in use but have not been properly managed or removed from the directory. These...
Weak Content Security Policy (CSP) is a weakness found in web applications that can lead to serious security issues. This vulnerability is listed in the OWASP Testing Guide as WSTG-CONF-12. CSP is a security feature of web browsers that allows websites to control the resources that can be loaded, such...
A weak JSON Web Token (JWT) HMAC secret vulnerability occurs when an organization uses a poorly chosen or easily guessable secret key to sign and verify JWTs. JWTs are commonly used for securely transmitting data between parties, and HMAC (Hash-based Message Authentication Code) is a widely used algorithm for signing...
The remote web server contains web pages that are protected by 'Basic' authentication over HTTPS.
While this is not in itself a security flaw, in some organizations, the use of 'Basic' authentication is discouraged as, depending on the underlying implementation, it may be vulnerable to account brute-forcing or may encourage Man-in-The-Middle...
WPA2 (Wi-Fi Protected Access 2) with a pre-shared key (PSK) is a widely used security protocol for securing wireless networks. However, it has a notable vulnerability. When a single, static PSK is shared among multiple users or remains unchanged for extended periods, it can become susceptible to brute force attacks...
Windows Server Update Services (WSUS) is a crucial tool for managing and distributing updates within a Windows environment. However, when configured with unencrypted HTTP instead of HTTPS, WSUS becomes vulnerable to several security risks.
HTTP transmits data in plain text, making it susceptible to interception and manipulation by malicious actors. When...
Showing entries 1 to 50 of 50 entries.