Knowledge Base - Issues

Our knowledge-base provides a comprehensive collection of information on vulnerabilities related to cyber security.
The vulnerability concerning the accessibility of systems unrelated to the organization within the internal network refers to a situation where external systems or devices not belonging to the organization can connect to and access resources or services within the organization's internal network. This vulnerability may occur due to misconfigurations, weak...

/ Active Directory - Blank passwords

A blank password can be specified for an account with the PASSWD_NOTREQD option. This option is set through the account's UserAccountControl attribute. This is possible during account creation or when the password is reset by an administrator. The 'User must change password at next logon' option is not affected by this...
Local user or computer accounts with indirect control over an object in Active Directory refer to accounts that, while not explicitly assigned permissions on an object within Active Directory, have a level of control or influence over that object through group memberships, group policies, or other means. This indirect control...
Groups are the standard way of providing access to resources in an environment. Therefore group membership should be treated with utmost care. A less known Active Directory feature can be used for the same purpose: Primary Group ID. This is a mechanism that was created to support legacy UNIX applications,...
Remote access to the Spooler service from the domain controller presents a security issue where the Print Spooler service on an Active Directory domain controller (DC) is exposed to remote access from external sources or unauthorised devices. The Print Spooler service is responsible for managing print jobs in Windows environments,...
Unresolved SIDs (Security Identifiers) in Active Directory refer to SIDs that cannot be mapped to valid user or group accounts within the domain or forest. SIDs are unique identifiers assigned to security principals (users, groups, and computers) in Windows environments. When an SID is unresolved, it means that Active Directory...
This refers to a situation in which individuals or entities within an organization possess administrative privileges or elevated access rights within the Active Directory (AD) domain but are not officially designated as administrators. This can occur due to misconfigurations, insufficient monitoring, or the inappropriate delegation of permissions, allowing unauthorized personnel...
Admin account(s) which do not have the flag "this account is sensitive and cannot be delegated" is an IT vulnerability that falls within the category of Identity Management. This vulnerability occurs in Infrastructure when an administrator account is created without the sensitive flag, allowing users to access the account and...
Apache Solr local parameter injection is an input validation vulnerability (CWE-20) which occurs when user input is not properly sanitized and validated. This vulnerability can be exploited to inject local parameters into the application, which can then be used to execute malicious code on the server. This vulnerability is most...
Compliance checks for Amazon Web Services
With DFS, a WiFi in the 5Ghz range can perform an automatic channel change if another device is detected on the channel used. This is particularly intended to prevent weather radar systems operating in this frequency range from being disturbed by WiFis. To detect other systems, the channel must be...

/ Chargen UDP Service Remote DoS

Cleartext submission of password is a vulnerability that occurs when a password is transmitted in a non-encrypted form during authentication processes over an open network like the internet. Unencrypted data can be easily intercepted by malicious actors and used to gain access to systems and resources. According to the OWASP...
Constrained Delegation is a feature in Microsoft Active Directory that allows a service to impersonate users and access network resources on their behalf. This delegation of authentication and authorization is meant to enhance user experience and streamline application workflows. However, if not properly configured, Constrained Delegation can introduce a significant...
Database connection string disclosed (CWE-209) is a vulnerability that occurs when a database connection string, such as a password, is disclosed in a web or API application or within the infrastructure. This can allow an attacker to gain access to the database and sensitive information stored within it. Furthermore, the...
Deauthentication DoS Attack is a type of attack in which an attacker sends deauthentication frames to the wireless access point or wireless client, thereby disabling the wireless connection and preventing the client from reconnecting to the access point. This attack is also known as “Deauth Attack”, “Deauthentication Flood”, or “Deauth...

/ Denial of Service

Denial of Service (DoS) is a type of IT vulnerability that is classified under Availability in the Common Weakness Enumeration (CWE) directory. DoS occurs when a malicious actor intentionally floods a network or system with an overwhelming amount of traffic, requests, or connections. This can cause the system to become...
DES (Data Encryption Standard) Kerberos authentication refers to the use of the DES encryption algorithm within the Kerberos authentication protocol. Kerberos is a network authentication protocol that provides secure authentication for users and services over a non-secure network, and it can use various encryption algorithms for securing authentication tokens. DES...

/ DHCP Server Detection

DHCP servers are responsible for dynamically assigning IP addresses and network configuration information to devices on a network. While DHCP is a critical service for efficient network management, detecting unauthorized or rogue DHCP servers is essential to prevent network disruptions and security risks. ## Risk Rogue DHCP servers may assign conflicting IP...

/ Directory Listing

Directory listing is an information leakage vulnerability that occurs when a web or API server allows directory contents to be read, usually through a web browser, without proper authentication. This allows attackers to access sensitive files, such as configuration and log files, which may contain valuable information or credentials. Directory...

/ Dll Hijacking

DLL Hijacking is a type of vulnerability where an attacker is able to gain control of a system by exploiting a DLL file. DLLs are dynamic link library files, which are executable files used by applications to perform certain tasks. A DLL hijacking attack involves a malicious actor crafting a...

/ Echo Service Detection

The Chargen (Character Generator) service is a network service that operates on UDP (User Datagram Protocol) port 19. It was originally designed for testing and debugging purposes, generating a stream of characters that are sent back to the originating host. However, due to its potential for misuse, the Chargen service...

/ Expired Certificate

Expired Certificate is an authentication vulnerability classified as CWE-284 and listed as A6 in the OWASP Testing Guide. It is a type of vulnerability that affects infrastructure, specifically SSL/TLS encryption. When an SSL certificate expires, it can no longer be used to authenticate the connection between two parties, resulting in...

/ Exposed Network Ports

Exposed network ports are one of the most common vulnerabilities in IT infrastructure. It occurs when ports on a network are left open and exposed to the public internet, allowing malicious actors to access the network without authentication. This vulnerability is described in CWE-264, Improper Control of Access to Network...
Exposure of sensitive data in git repository is a type of information leakage vulnerability (CWE-200). It happens when sensitive data is accidentally committed and pushed to a public git repository, where it can be accessed by anyone. The vulnerability affects both Infrastructure and Web and API. According to the OWASP...
External Control of System or Configuration Setting (CWE-908) is a vulnerability that occurs when an external user is able to manipulate the system or configuration settings of a system. This type of vulnerability is typically found in web and API applications, as well as in infrastructure components, such as servers...

/ External Service Interaction (DNS)

External service interaction (DNS) is a type of network communication vulnerability. The Common Weakness Enumeration (CWE) directory identifies this vulnerability as CWE-400. This vulnerability occurs when an application interacts with an external service, such as a Domain Name System (DNS) server, and does not properly validate input. This can lead...
External service interaction (HTTP) is a type of authorization vulnerability where external services are exposed to malicious actors. It occurs when a web or API application interacts with an external service over HTTP, such as APIs, databases, web servers, or other services, and has not implemented proper authorization mechanisms. This...
External service interaction (SMTP) refers to a vulnerability in the software application, wherein the application interacts with external mail server services such as Simple Mail Transfer Protocol (SMTP). This vulnerability is classified as a type of authorization issue, as the application is not properly authorized by the user to interact...
External service interaction leaks IP addresses is a type of information leakage vulnerability (CWE-200) that occurs when a web or API infrastructure interacts with an external service, such as a third-party API. This type of vulnerability can lead to the exposure of sensitive data, such as IP addresses of users...
Highly privileged accounts are not in the Protected Users group is an IT vulnerability related to identity management (CWE-264). This vulnerability occurs when privileged accounts are not part of the Protected Users group, allowing them to bypass the default security settings of the operating system. This type of vulnerability is...

/ Insecure Password Reset

Insecure password reset is a vulnerability (CWE-309) that is found in Identity Management systems. It allows an attacker to exploit the system and reset a user's account password without their knowledge or consent. This type of attack can be performed through web and API interfaces as well as through infrastructure...

/ Internal Host Name Disclosure

Internal Host Name Disclosure is a type of Information Leakage vulnerability (CWE-200) that can occur in both Web and API applications as well as Infrastructure. It is a vulnerability that occurs when a system or application reveals its internal host name to the public, thus potentially exposing internal system information....

/ LDAP Injection

LDAP Injection (CWE-90) is a type of injection attack in which malicious code is inserted into LDAP statements via web form input. It occurs when user input is not sufficiently validated and is then used to construct LDAP statements that are passed to an LDAP server for execution. This type...
MAC Spoofing of Device with known PSK is a type of authentication vulnerability (CWE-287) that occurs in infrastructure. It is a type of attack in which the attacker changes the MAC address of the device with a known pre-shared key (PSK) in order to gain access to the network. This...

/ mDNS Detection

/ Members in Schema Admins Group

Members in Schema Admins group is an IT vulnerability that falls under the Identity Management category. It occurs in Infrastructure, where the members of the Schema Admins group are given excessive privileges. This vulnerability is classified as CWE-267: Permissions, Privileges, and Access Controls. It is also an important factor in...
Compliance checks for Microsoft Azure. ## Description Using the supplied credentials, an security audit against the Azure AD environment was performed. Within this issue the several findings which came up during the compliance check are described. The information on the several findings should be used to further harden the configuration of the...
Missing Certificate Pinning is an authentication vulnerability (CWE-295) that occurs when an application fails to verify a given certificate against its trusted peers, allowing a malicious certificate to be used as authentication. This type of vulnerability is often found in infrastructure applications, such as web browsers and mobile applications, as...
No confirmation mail after resetting password is a vulnerability in identity management systems that occurs when a user requests a password reset but does not receive a confirmation mail. This vulnerability was first identified in the CWE directory as CWE-804. It is also identified in the OWASP Testing Guide as...
No Multi-factor authentication is a vulnerability in authentication protocols that allows an attacker to gain access to systems or applications using only a single set of credentials. This vulnerability can be found in Infrastructure, Mobile App and Web and API. According to the OWASP Testing Guide, this vulnerability is best...

/ No Password Change Functionality

No password change functionality is a vulnerability in the identity management of IT infrastructure, mobile apps and web and API applications. It is classified as CWE-257, which is described as "Failure to Change a Password in a timely manner". According to OWASP Testing Guide, this type of vulnerability occurs when...
**NTLMv1** (_NT LAN Manager version 1_) and** LM** (_LAN Manager_) authentication are legacy authentication protocols used in older Windows operating systems for verifying the identity of users trying to access network resources. These authentication protocols have significant security vulnerabilities, and their use is strongly discouraged in modern environments. ## Risk - Weak...

/ Objects with Passwords that Never Expire

This refers to user accounts, service accounts, or other objects within an organization's IT infrastructure that have passwords set to never expire. These objects could include user accounts, privileged accounts, or system service accounts. When passwords for these objects are not subject to periodic expiration, it poses a security risk...
Old Password for krbtgt Account is a type of IT vulnerability that falls under the category of Authentication. This vulnerability occurs when the krbtgt account password is not changed regularly, thereby allowing attackers to gain access to the domain controller, and possibly other sensitive areas of the IT infrastructure. As...

/ Old Tls Version Enabled

Old TLS version enabled is a vulnerability in the Configuration Management of Web and API applications, as well as Infrastructure. This vulnerability can occur when an old version of the Transport Layer Security (TLS) protocol is enabled on a system, allowing an adversary to exploit known vulnerabilities associated with the...

/ Out-Of-Band Resource Load (HTTP)

Out-of-band resource load (HTTP) is a vulnerability in Network Communication as classified in the CWE (Common Weakness Enumeration) directory under CWE-917. It occurs when a Web and API application or Infrastructure allows a third party to access resources without first authenticating them. This vulnerability can be exploited when the resource...

/ Outdated Operating Systems

Outdated operating systems is an IT vulnerability categorized under patch management in the CWE directory (CWE-749). It is also classified as a vulnerability in the OWASP Testing Guide under the 'Infrastructure' category. Outdated operating systems are versions of operating systems that are no longer supported by their respective vendors and...

/ Outdated Software

Outdated software is a type of IT vulnerability which is categorized as a patch management issue. It is defined as the use of old and unsupported software, which can contain critical security flaws that attackers can exploit. The Open Web Application Security Project (OWASP) Testing Guide recommends that software is...

/ Password Hash Disclosure

Password hash disclosure is an information leakage vulnerability, which occurs when an application discloses the hashed form of a password, usually in plain text, making it easier for attackers to brute force guess the plain text password. Password hashes can be disclosed through web and API applications, infrastructure, and mobile...
Showing entries 1 to 50 of 87 entries.