Knowledge Base - Issues
Our knowledge-base provides a comprehensive collection of information on vulnerabilities related to cyber security.Attribute hasFragileUserData not set is a vulnerability for Mobile App and Android applications found in the Common Weakness Enumeration (CWE) directory. It is categorized as a Platform Usage vulnerability. This vulnerability occurs when an application does not explicitly declare a sensitive user data attribute (e.g. username, password, etc.) so that...
Attribute usesCleartextTraffic set is a type of IT vulnerability that is classified as a Network Communication vulnerability. This vulnerability is present in both Android and Mobile App systems, as well as in other similar systems. According to the CWE/SANS TOP 25 Most Dangerous Software Errors directory, this vulnerability occurs when...
Manufacturers want to provide device users with an aesthetically pleasing effect when an application is started or exited, so they introduced the concept of saving a screenshot when the application goes into the background.
## Risk
This feature can pose a security risk because screenshots (which may display sensitive information such as...
Insecure App Transport Security (ATS) Settings is a vulnerability in the network communication of iOS and Mobile Apps. According to the Common Weakness Enumeration (CWE) directory, this vulnerability is classified as CWE-319. This vulnerability occurs when an application does not properly configure the secure connection between the client and the...
Multi-Factor Authentication (MFA) is a security mechanism that adds an extra layer of protection to user accounts by requiring multiple forms of verification before granting access. This typically includes a combination of something the user knows (e.g., a password), something the user has (e.g., a smartphone or hardware token), and...
No Multi-factor authentication (CWE-287) is a vulnerability in authentication protocols that allows an attacker to gain access to systems or applications using only a single set of credentials. This vulnerability can be found in Infrastructure, Mobile App and Web and API. According to the OWASP Testing Guide, this vulnerability is...
No password change functionality is a vulnerability in the identity management of IT infrastructure, mobile apps and web and API applications. It is classified as CWE-257, which is described as "Failure to Change a Password in a timely manner". According to OWASP Testing Guide, this type of vulnerability occurs when...
Password hash disclosure is an information leakage vulnerability, listed in CWE-209, which occurs when an application discloses the hashed form of a password, usually in plain text, making it easier for attackers to brute force guess the plain text password. Password hashes can be disclosed through web and API applications,...
Password Hash with Insufficient Computational Effort (CWE-521) is a Cryptography vulnerability related to the use of weak password hashing algorithms. This type of vulnerability occurs in Mobile Apps, Infrastructure, Web and API. It happens when an application does not use a strong enough hashing algorithm for passwords, which can be...
Publicly reported vulnerabilities are security flaws reported by third parties or publicly available sources such as the Common Vulnerabilities and Exposures (CVE) directory. These vulnerabilities can affect Web and API, Infrastructure, and Mobile App systems. They are identified and classified according to the Common Weakness Enumeration (CWE) directory and the...
Root/Jailbreak detection is a type of IT vulnerability associated with mobile applications. This type of vulnerability, according to the Common Weakness Enumeration (CWE) directory, is classified as CWE-957 - Improper Control of Interaction Frequency. This type of vulnerability occurs when a mobile application does not adequately control the frequency of...
Task hijacking is a type of authorization vulnerability in which an attacker is able to take control of a user's session or task by intercepting the data, such as a session ID, intended for a legitimate user. It is defined in the Common Weakness Enumeration (CWE) directory as CWE-813. This...
Showing entries 1 to 12 of 12 entries.