Knowledge Base - Issues
Our knowledge base provides a comprehensive collection of information on vulnerabilities related to cyber security.
Admin account(s) which do not have the flag "this account is sensitive and cannot be delegated" is an IT vulnerability that falls within the category of Identity Management. This vulnerability occurs in Infrastructure when an administrator account is created without the sensitive flag, allowing users to access the account and...
Apache Solr local parameter injection is an input validation vulnerability (CWE-20) which occurs when user input is not properly sanitized and validated. This vulnerability can be exploited to inject local parameters into the application, which can then be used to execute malicious code on the server. This vulnerability is most...
Backdoors are authentication vulnerabilities that allow attackers to bypass authentication mechanisms and gain access to systems, applications, or other resources. This type of vulnerability is defined in the Common Weakness Enumeration (CWE) directory as CWE-798: Use of Hard-coded Credentials. It affects web and API applications as well as infrastructure components...
With DFS, a WiFi network in the 5 GHz range can perform an automatic channel change if another device is detected on the channel in use. This is particularly intended to prevent weather radar systems operating in this frequency range from being disturbed by WiFi networks. To detect other systems, the channel must be...
Cleartext submission of password is a vulnerability classified under CWE-259: Use of Hard-coded Password. It occurs when a password is transmitted in a non-encrypted form during authentication processes over an open network like the internet. This is a high risk vulnerability as unencrypted data can be easily intercepted by malicious...
Database connection string disclosed (CWE-209) is a vulnerability that occurs when a database connection string, such as a password, is disclosed in a web or API application or within the infrastructure. This can allow an attacker to gain access to the database and sensitive information stored within it. Furthermore, the...
Deauthentication DoS Attack is a type of attack in which an attacker sends deauthentication frames to the wireless access point or wireless client, thereby disabling the wireless connection and preventing the client from reconnecting to the access point. This attack is also known as “Deauth Attack”, “Deauthentication Flood”, or “Deauth...
Denial of Service (DoS) is a type of IT vulnerability that is classified under Availability in the Common Weakness Enumeration (CWE) directory. DoS occurs when a malicious actor intentionally floods a network or system with an overwhelming amount of traffic, requests, or connections. This can cause the system to become...
Directory listing is an information leakage vulnerability that occurs when a web or API server allows directory contents to be read, usually through a web browser, without proper authentication. This allows attackers to access sensitive files, such as configuration and log files, which may contain valuable information or credentials. Directory...
DLL Hijacking is a type of vulnerability where an attacker is able to gain control of a system by exploiting a DLL file. DLLs are dynamic link library files, which are executable files used by applications to perform certain tasks. A DLL hijacking attack involves a malicious actor crafting a...
Expired Certificate is an authentication vulnerability classified as CWE-284 and listed as A6 in the OWASP Testing Guide. It is a type of vulnerability that affects infrastructure, specifically SSL/TLS encryption. When an SSL certificate expires, it can no longer be used to authenticate the connection between two parties, resulting in...
Exposed network ports are one of the most common vulnerabilities in IT infrastructure. This vulnerability occurs when ports on a network are left open and exposed to the public internet, allowing malicious actors to access the network without authentication. This vulnerability is described in CWE-264, Improper Control of Access to Network...
Exposure of sensitive data in git repository is a type of information leakage vulnerability (CWE-200). It happens when sensitive data is accidentally committed and pushed to a public git repository, where it can be accessed by anyone. The vulnerability affects both Infrastructure and Web and API. According to the OWASP...
External Control of System or Configuration Setting (CWE-908) is a vulnerability that occurs when an external user is able to manipulate the system or configuration settings of a system. This type of vulnerability is typically found in web and API applications, as well as in infrastructure components, such as servers...
External service interaction (DNS) is a type of network communication vulnerability. The Common Weakness Enumeration (CWE) directory identifies this vulnerability as CWE-400. This vulnerability occurs when an application interacts with an external service, such as a Domain Name System (DNS) server, and does not properly validate input. This can lead...
External service interaction (HTTP) is a type of authorization vulnerability where external services are exposed to malicious actors. It occurs when a web or API application interacts with an external service over HTTP, such as APIs, databases, web servers, or other services, and has not implemented proper authorization mechanisms. This...
External service interaction (SMTP) refers to a vulnerability in the software application, wherein the application interacts with external mail server services such as Simple Mail Transfer Protocol (SMTP). This vulnerability is classified as a type of authorization issue, as the application is not properly authorized by the user to interact...
External service interaction leaks IP addresses is a type of information leakage vulnerability (CWE-200) that occurs when a web or API infrastructure interacts with an external service, such as a third-party API. This type of vulnerability can lead to the exposure of sensitive data, such as IP addresses of users...
Highly privileged accounts are not in the Protected Users group is an IT vulnerability related to identity management (CWE-264). This vulnerability occurs when privileged accounts are not part of the Protected Users group, allowing them to bypass the default security settings of the operating system. This type of vulnerability is...
Insecure password reset is a vulnerability (CWE-309) that is found in Identity Management systems. It allows an attacker to exploit the system and reset a user's account password without their knowledge or consent. This type of attack can be performed through web and API interfaces as well as through infrastructure...
Internal Host Name Disclosure is a type of Information Leakage vulnerability (CWE-200) that can occur in both Web and API applications as well as Infrastructure. It is a vulnerability that occurs when a system or application reveals its internal host name to the public, thus potentially exposing internal system information....
LDAP Injection (CWE-90) is a type of injection attack in which malicious code is inserted into LDAP statements via web form input. It occurs when user input is not sufficiently validated and is then used to construct LDAP statements that are passed to an LDAP server for execution. This type...
IMAP (Internet Message Access Protocol) Injection is a type of input validation vulnerability classified under CWE-20. It occurs when unfiltered user input is allowed to execute an IMAP command on an application-side IMAP server. This could occur if the application does not properly sanitize user input before passing it to...
MAC Spoofing of Device with known PSK is a type of authentication vulnerability (CWE-287) that occurs in infrastructure. It is a type of attack in which the attacker changes the MAC address of the device with a known pre-shared key (PSK) in order to gain access to the network. This...
Members in Schema Admins group is an IT vulnerability that falls under the Identity Management category. It occurs in Infrastructure, where the members of the Schema Admins group are given excessive privileges. This vulnerability is classified as CWE-267: Permissions, Privileges, and Access Controls. It is also an important factor in...
Missing Certificate Pinning is an authentication vulnerability (CWE-295) that occurs when an application fails to verify a given certificate against its trusted peers, allowing a malicious certificate to be used as authentication. This type of vulnerability is often found in infrastructure applications, such as web browsers and mobile applications, as...
No confirmation mail after resetting password is a vulnerability in identity management systems that occurs when a user requests a password reset but does not receive a confirmation mail. This vulnerability was first identified in the CWE directory as CWE-804. It is also identified in the OWASP Testing Guide as...
No Multi-factor authentication (CWE-287) is a vulnerability in authentication protocols that allows an attacker to gain access to systems or applications using only a single set of credentials. This vulnerability can be found in Infrastructure, Mobile App and Web and API. According to the OWASP Testing Guide, this vulnerability is...
No password change functionality is a vulnerability in the identity management of IT infrastructure, mobile apps and web and API applications. It is classified as CWE-257, which is described as "Failure to Change a Password in a timely manner". According to OWASP Testing Guide, this type of vulnerability occurs when...
Old Password for krbtgt Account is a type of IT vulnerability that falls under the category of Authentication. It is also classified as CWE-732 (Improper Limitation of a Pathname to a Restricted Directory), according to the Common Weakness Enumeration (CWE) directory. This vulnerability occurs when the krbtgt account password is...
Old TLS version enabled is a vulnerability in the Configuration Management of Web and API applications, as well as Infrastructure. This vulnerability can occur when an old version of the Transport Layer Security (TLS) protocol is enabled on a system, allowing an adversary to exploit known vulnerabilities associated with the...
Out-of-band resource load (HTTP) is a vulnerability in Network Communication as classified in the CWE (Common Weakness Enumeration) directory under CWE-917. It occurs when a Web and API application or Infrastructure allows a third party to access resources without first authenticating them. This vulnerability can be exploited when the resource...
Outdated operating systems is an IT vulnerability categorized under patch management in the CWE directory (CWE-749). It is also classified as a vulnerability in the OWASP Testing Guide under the 'Infrastructure' category. Outdated operating systems are versions of operating systems that are no longer supported by their respective vendors and...
Outdated software is a type of IT vulnerability which is categorized as a patch management issue. It is defined as the use of old and unsupported software, which can contain critical security flaws that attackers can exploit. The Common Weakness Enumeration (CWE) directory has classified this vulnerability as CWE-749: Expired...
Password hash disclosure is an information leakage vulnerability, listed in CWE-209, which occurs when an application discloses the hashed form of a password, usually in plain text, making it easier for attackers to brute force guess the plain text password. Password hashes can be disclosed through web and API applications,...
Password Hash with Insufficient Computational Effort (CWE-521) is a Cryptography vulnerability related to the use of weak password hashing algorithms. This type of vulnerability occurs in Mobile Apps, Infrastructure, Web and API. It happens when an application does not use a strong enough hashing algorithm for passwords, which can be...
Plaintext Storage of a Password is a vulnerability that occurs when a system stores a user’s password in plaintext, meaning the user’s password is not encrypted or hashed. This vulnerability has been classified by the Common Weakness Enumeration (CWE) directory as CWE-259 and is listed under the category of Identity...
Private IP addresses disclosed, CWE-200, is a vulnerability that occurs when private IP addresses are disclosed to an untrusted source. Private IP addresses are the IP addresses that are used within a private network, as opposed to public IP addresses which are used within the public Internet. As per the...
Publicly reported vulnerabilities are security flaws reported by third parties or publicly available sources such as the Common Vulnerabilities and Exposures (CVE) directory. These vulnerabilities can affect Web and API, Infrastructure, and Mobile App systems. They are identified and classified according to the Common Weakness Enumeration (CWE) directory and the...
Sibling domain enumeration is a type of information leakage vulnerability which occurs when an application uses DNS subdomains to identify user accounts or services, and that information is exposed in a way that enables attackers to enumerate valid user accounts and services. According to the Common Weakness Enumeration (CWE) directory,...
SMB Signing not required (CWE-308) is a type of authentication vulnerability that occurs in IT infrastructure. It occurs when an organization fails to require SMB Signing, which is a security feature that digitally signs SMB packets. This vulnerability can be exploited by attackers who can use malicious packets to gain...
SMTP Header Injection (CWE-113) is an input validation vulnerability that occurs when an application or system fails to properly validate user input contained in the header of an email message. This can result in the injection of malicious code into the header of a legitimate email message. This vulnerability is...
SNMP Agent Default Community Name (public) is an Information Leakage vulnerability that occurs in Infrastructure. It is identified as CWE-259 and is classified as a weakness in the OWASP Testing Guide. The vulnerability is caused when a system has the default community name set to public which results in the...
Spoofable client IP address is an authentication vulnerability (CWE-287) that occurs in infrastructure. This vulnerability occurs when an attacker is able to spoof their IP address, in order to bypass authentication. This is often done by impersonating the IP address of a trusted source, to gain access to systems or...
SSH Server CBC Mode Ciphers Enabled is a vulnerability that affects security in the domain of Cryptography. It is classified as CWE-327, which is defined as the use of cryptographic algorithms that rely on the Cipher Block Chaining (CBC) Mode encryption. This vulnerability can be discovered through various means, such...
SSH Weak MAC Algorithms Enabled (CWE-327) is a vulnerability in the cryptographic protocols used to protect data sent over unsecured networks. This vulnerability occurs when an SSH server or client is configured to allow weak MAC algorithms, such as MD5 or HMAC-MD5, to be used during authentication. This can allow...
SSL Anonymous Cipher Suites Supported vulnerability (CWE-310) is when secure sockets layer (SSL) uses cipher suites that do not authenticate the parties involved in a secure communication. According to the OWASP Testing Guide, this vulnerability allows attackers to perform man-in-the-middle attacks, allowing them to gain access to sensitive information or...
SSL Certificate Cannot Be Trusted is a vulnerability in the identity management category of the Common Weakness Enumeration (CWE) directory (CWE-295). It occurs when an SSL certificate is not validated and the user is not sure if the website they are visiting is genuine or not. This vulnerability can be...
SSL Certificate Chain Contains RSA Keys Less Than 2048 bits is a type of cryptographic vulnerability (CWE-310) which occurs when an SSL certificate chain contains RSA keys that are less than 2048 bits in length. This type of vulnerability is particularly common in infrastructure environments and can lead to serious...
SSL Certificate Signed Using Weak Hashing Algorithm is a vulnerability associated with the cryptographic algorithm used to sign the SSL certificate. This vulnerability is categorized as CWE-327, which is defined as “the use of a weak cryptographic algorithm or its parameters for protecting sensitive data” (CWE, 2020). This specific vulnerability...
Showing entries 1 to 50 of 62 entries.