From 04536c6773cdf91e1d86b65fc24e9f0eed33692b Mon Sep 17 00:00:00 2001 From: Ryan Rudder <96507400+RRudder@users.noreply.github.com> Date: Fri, 24 Nov 2023 13:11:44 +1000 Subject: [PATCH 1/9] denial of service to Denial of Service --- .../app_crash/malformed_android_intents/template.md | 6 +++--- .../app_crash/malformed_ios_url_schemes/template.md | 6 +++--- .../app_crash/template.md | 6 +++--- .../critical_impact_and_or_easy_difficulty/template.md | 6 +++--- .../high_impact_and_or_medium_difficulty/template.md | 6 +++--- .../application_level_denial_of_service_dos/template.md | 6 +++--- .../insecure_os_firmware/command_injection/template.md | 2 +- .../hardcoded_password/non_privileged_user/template.md | 2 +- .../hardcoded_password/privileged_user/template.md | 2 +- .../insecure_os_firmware/hardcoded_password/template.md | 2 +- submissions/description/insecure_os_firmware/template.md | 2 +- .../lack_of_exploit_mitigations/template.md | 2 +- .../lack_of_jailbreak_detection/template.md | 2 +- .../lack_of_obfuscation/template.md | 2 +- .../runtime_instrumentation_based/template.md | 2 +- .../description/lack_of_binary_hardening/template.md | 2 +- 16 files changed, 28 insertions(+), 28 deletions(-) diff --git a/submissions/description/application_level_denial_of_service_dos/app_crash/malformed_android_intents/template.md b/submissions/description/application_level_denial_of_service_dos/app_crash/malformed_android_intents/template.md index 5b15d057..839f91e6 100644 --- a/submissions/description/application_level_denial_of_service_dos/app_crash/malformed_android_intents/template.md +++ b/submissions/description/application_level_denial_of_service_dos/app_crash/malformed_android_intents/template.md 
@@ -2,7 +2,7 @@ ## Overview of the Vulnerability -Application-level denial of service (DoS) attacks are designed to deny service to users of an application by flooding it with many HTTP requests. This makes it impossible for the server to respond to legitimate requests in any practical time frame. +Application-level Denial of Service (DoS) attacks are designed to deny service to users of an application by flooding it with many HTTP requests. This makes it impossible for the server to respond to legitimate requests in any practical time frame. There is a local application-level DoS vulnerability within this Android application that causes it to crash. An attacker can use this vulnerability to provide empty, malformed, or irregular data via the Intent binding mechanism, crashing the application and making it unavailable for its designed purpose to legitimate users. @@ -21,10 +21,10 @@ Application-level DoS can result in indirect financial loss for the business thr {{parameter}} -1. Observe that the payload causes a denial of service +1. Observe that the payload causes a Denial of Service ## Proof of Concept (PoC) -The screenshot below demonstrates the denial of service: +The screenshot below demonstrates the Denial of Service: {{screenshot}} diff --git a/submissions/description/application_level_denial_of_service_dos/app_crash/malformed_ios_url_schemes/template.md b/submissions/description/application_level_denial_of_service_dos/app_crash/malformed_ios_url_schemes/template.md index b4da8a6d..04700418 100644 --- a/submissions/description/application_level_denial_of_service_dos/app_crash/malformed_ios_url_schemes/template.md +++ b/submissions/description/application_level_denial_of_service_dos/app_crash/malformed_ios_url_schemes/template.md 
@@ -2,7 +2,7 @@ ## Overview of the Vulnerability -Application-level denial of service (DoS) attacks are designed to deny service to users of an application by flooding it with many HTTP requests. This makes it impossible for the server to respond to legitimate requests in any practical time frame. +Application-level Denial of Service (DoS) attacks are designed to deny service to users of an application by flooding it with many HTTP requests. This makes it impossible for the server to respond to legitimate requests in any practical time frame. There is a local application-level DoS vulnerability within this iOS application that causes it to crash. An attacker can use this vulnerability to provide empty, malformed, or irregular data via a URL scheme, crashing the application and making it unavailable for its designed purpose to legitimate users. @@ -21,10 +21,10 @@ Application-level DoS can result in indirect financial loss for the business thr {{parameter}} -1. Observe that the payload causes a denial of service +1. Observe that the payload causes a Denial of Service ## Proof of Concept (PoC) -The screenshot below demonstrates the denial of service: +The screenshot below demonstrates the Denial of Service: {{screenshot}} diff --git a/submissions/description/application_level_denial_of_service_dos/app_crash/template.md b/submissions/description/application_level_denial_of_service_dos/app_crash/template.md index cef20be5..e5e79d3c 100644 --- a/submissions/description/application_level_denial_of_service_dos/app_crash/template.md +++ b/submissions/description/application_level_denial_of_service_dos/app_crash/template.md 
@@ -2,7 +2,7 @@ ## Overview of the Vulnerability -Application-level denial of service (DoS) attacks are designed to deny service to users of an application by flooding it with many HTTP requests. This makes it impossible for the server to respond to legitimate requests in any practical time frame. +Application-level Denial of Service (DoS) attacks are designed to deny service to users of an application by flooding it with many HTTP requests. This makes it impossible for the server to respond to legitimate requests in any practical time frame. There is an application-level DoS vulnerability within this iOS or Android application that causes it to crash. An attacker can use this vulnerability to exhaust resources, making the application unavailable for its designed purpose to legitimate users. @@ -21,10 +21,10 @@ Application-level DoS can result in indirect financial loss for the business thr {{parameter}} -1. Observe that the payload causes a denial of service that has high impact or medium difficulty to be performed +1. Observe that the payload causes a Denial of Service that has high impact or medium difficulty to be performed ## Proof of Concept (PoC) -The screenshot below demonstrates the denial of service: +The screenshot below demonstrates the Denial of Service: {{screenshot}} diff --git a/submissions/description/application_level_denial_of_service_dos/critical_impact_and_or_easy_difficulty/template.md b/submissions/description/application_level_denial_of_service_dos/critical_impact_and_or_easy_difficulty/template.md index f8a83c5d..10014405 100644 --- a/submissions/description/application_level_denial_of_service_dos/critical_impact_and_or_easy_difficulty/template.md +++ b/submissions/description/application_level_denial_of_service_dos/critical_impact_and_or_easy_difficulty/template.md 
@@ -2,7 +2,7 @@ ## Overview of the Vulnerability -Application-level denial of service (DoS) attacks are designed to deny service to users of an application by flooding it with many HTTP requests. This makes it impossible for the server to respond to legitimate requests in any practical time frame. +Application-level Denial of Service (DoS) attacks are designed to deny service to users of an application by flooding it with many HTTP requests. This makes it impossible for the server to respond to legitimate requests in any practical time frame. There is an application-level DoS vulnerability within this application that has critical impact or is easily performed. An attacker can use this vulnerability to exhaust resources, making the application unavailable for its designed purpose to legitimate users. @@ -21,10 +21,10 @@ Application-level DoS can result in indirect financial loss for the business thr {{parameter}} -1. Observe that the payload causes a denial of service that has critical impact or is easy to perform +1. Observe that the payload causes a Denial of Service that has critical impact or is easy to perform ## Proof of Concept (PoC) -The screenshot below demonstrates the denial of service: +The screenshot below demonstrates the Denial of Service: {{screenshot}} diff --git a/submissions/description/application_level_denial_of_service_dos/high_impact_and_or_medium_difficulty/template.md b/submissions/description/application_level_denial_of_service_dos/high_impact_and_or_medium_difficulty/template.md index 1a4c4107..1277748e 100644 --- a/submissions/description/application_level_denial_of_service_dos/high_impact_and_or_medium_difficulty/template.md +++ b/submissions/description/application_level_denial_of_service_dos/high_impact_and_or_medium_difficulty/template.md 
@@ -2,7 +2,7 @@ ## Overview of the Vulnerability -Application-level denial of service (DoS) attacks are designed to deny service to users of an application by flooding it with many HTTP requests. This makes it impossible for the server to respond to legitimate requests in any practical time frame. +Application-level Denial of Service (DoS) attacks are designed to deny service to users of an application by flooding it with many HTTP requests. This makes it impossible for the server to respond to legitimate requests in any practical time frame. There is an application-level DoS vulnerability within this application that has high impact or medium difficulty to be performed. An attacker can use this vulnerability to exhaust resources, making the application unavailable for its designed purpose to legitimate users, but not take down the application for all users. @@ -21,10 +21,10 @@ Application-level DoS can result in indirect financial loss for the business thr {{parameter}} -1. Observe that the payload causes a denial of service that has high impact or medium difficulty to be performed +1. Observe that the payload causes a Denial of Service that has high impact or medium difficulty to be performed ## Proof of Concept (PoC) -The screenshot below demonstrates the denial of service: +The screenshot below demonstrates the Denial of Service: {{screenshot}} diff --git a/submissions/description/application_level_denial_of_service_dos/template.md b/submissions/description/application_level_denial_of_service_dos/template.md index 2e41ac8a..1e81788f 100644 --- a/submissions/description/application_level_denial_of_service_dos/template.md +++ b/submissions/description/application_level_denial_of_service_dos/template.md 
@@ -2,7 +2,7 @@ ## Overview of the Vulnerability -Application-level denial of service (DoS) attacks are designed to deny service to users of an application by flooding it with many HTTP requests. This makes it impossible for the server to respond to legitimate requests in any practical time frame. +Application-level Denial of Service (DoS) attacks are designed to deny service to users of an application by flooding it with many HTTP requests. This makes it impossible for the server to respond to legitimate requests in any practical time frame. There is an application-level DoS vulnerability within this application that an attacker can use to exhaust resources, making the application unavailable for its designed purpose to legitimate users. @@ -21,10 +21,10 @@ Application-level DoS can result in indirect financial loss for the business thr {{parameter}} -1. Observe that the payload causes a denial of service +1. Observe that the payload causes a Denial of Service ## Proof of Concept (PoC) -The screenshot below demonstrates the denial of service: +The screenshot below demonstrates the Denial of Service: {{screenshot}} diff --git a/submissions/description/insecure_os_firmware/command_injection/template.md b/submissions/description/insecure_os_firmware/command_injection/template.md index 6ecb0f07..7df77b15 100644 --- a/submissions/description/insecure_os_firmware/command_injection/template.md +++ b/submissions/description/insecure_os_firmware/command_injection/template.md 
@@ -7,7 +7,7 @@ When Operating System (OS) firmware is insecure, it broadens the application’s ## Business Impact -This vulnerability can lead to direct financial loss to the company due to data theft, application manipulation and corruption, or denial of service to customers and users of the application. It can also lead to reputational damage as customers may view the application as insecure. +This vulnerability can lead to direct financial loss to the company due to data theft, application manipulation and corruption, or Denial of Service to customers and users of the application. It can also lead to reputational damage as customers may view the application as insecure. ## Steps to Reproduce diff --git a/submissions/description/insecure_os_firmware/hardcoded_password/non_privileged_user/template.md b/submissions/description/insecure_os_firmware/hardcoded_password/non_privileged_user/template.md index c4a047ad..04eb1a41 100644 --- a/submissions/description/insecure_os_firmware/hardcoded_password/non_privileged_user/template.md +++ b/submissions/description/insecure_os_firmware/hardcoded_password/non_privileged_user/template.md @@ -8,7 +8,7 @@ A hard-coded password for a non-privileged user was identified in the source cod ## Business Impact -This vulnerability can lead to direct financial loss to the company due to data theft, application manipulation and corruption, or denial of service to customers and users of the application. It can also lead to reputational damage as customers may view the application as insecure. +This vulnerability can lead to direct financial loss to the company due to data theft, application manipulation and corruption, or Denial of Service to customers and users of the application. It can also lead to reputational damage as customers may view the application as insecure. ## Steps to Reproduce 
diff --git a/submissions/description/insecure_os_firmware/hardcoded_password/privileged_user/template.md b/submissions/description/insecure_os_firmware/hardcoded_password/privileged_user/template.md index 861aa566..0bd9529e 100644 --- a/submissions/description/insecure_os_firmware/hardcoded_password/privileged_user/template.md +++ b/submissions/description/insecure_os_firmware/hardcoded_password/privileged_user/template.md @@ -8,7 +8,7 @@ A hard-coded password for a privileged user was identified in the source code of ## Business Impact -This vulnerability can lead to direct financial loss to the company due to data theft, application manipulation and corruption, or denial of service to customers and users of the application. It can also lead to reputational damage as customers may view the application as insecure. +This vulnerability can lead to direct financial loss to the company due to data theft, application manipulation and corruption, or Denial of Service to customers and users of the application. It can also lead to reputational damage as customers may view the application as insecure. ## Steps to Reproduce diff --git a/submissions/description/insecure_os_firmware/hardcoded_password/template.md b/submissions/description/insecure_os_firmware/hardcoded_password/template.md index d25bd4a0..4e54559c 100644 --- a/submissions/description/insecure_os_firmware/hardcoded_password/template.md +++ b/submissions/description/insecure_os_firmware/hardcoded_password/template.md 
@@ -8,7 +8,7 @@ Hard-coded passwords were identified in the source code of the application. An a ## Business Impact -This vulnerability can lead to direct financial loss to the company due to data theft, application manipulation and corruption, or denial of service to customers and users of the application. It can also lead to reputational damage as customers may view the application as insecure. +This vulnerability can lead to direct financial loss to the company due to data theft, application manipulation and corruption, or Denial of Service to customers and users of the application. It can also lead to reputational damage as customers may view the application as insecure. ## Steps to Reproduce diff --git a/submissions/description/insecure_os_firmware/template.md b/submissions/description/insecure_os_firmware/template.md index 0c9adbc4..cdb67cf0 100644 --- a/submissions/description/insecure_os_firmware/template.md +++ b/submissions/description/insecure_os_firmware/template.md @@ -6,7 +6,7 @@ When Operating System (OS) firmware is insecure, it broadens the application’s ## Business Impact -This vulnerability can lead to direct financial loss to the company due to data theft, application manipulation and corruption, or denial of service to customers and users of the application. It can also lead to reputational damage as customers may view the application as insecure. +This vulnerability can lead to direct financial loss to the company due to data theft, application manipulation and corruption, or Denial of Service to customers and users of the application. It can also lead to reputational damage as customers may view the application as insecure. ## Steps to Reproduce diff --git a/submissions/description/lack_of_binary_hardening/lack_of_exploit_mitigations/template.md b/submissions/description/lack_of_binary_hardening/lack_of_exploit_mitigations/template.md index 19ca95bb..f1fd9b75 100644 
--- a/submissions/description/lack_of_binary_hardening/lack_of_exploit_mitigations/template.md +++ b/submissions/description/lack_of_binary_hardening/lack_of_exploit_mitigations/template.md @@ -6,7 +6,7 @@ A lack of exploit mitigations in an application increases its attack surface and ## Business Impact -This vulnerability can lead to indirect financial loss to the company due to data theft, application manipulation and corruption, or denial of service to customers and users of the application. It can also lead to reputational damage as customers may view the application as insecure. +This vulnerability can lead to indirect financial loss to the company due to data theft, application manipulation and corruption, or Denial of Service to customers and users of the application. It can also lead to reputational damage as customers may view the application as insecure. ## Steps to Reproduce diff --git a/submissions/description/lack_of_binary_hardening/lack_of_jailbreak_detection/template.md b/submissions/description/lack_of_binary_hardening/lack_of_jailbreak_detection/template.md index c267d891..fab04e23 100644 --- a/submissions/description/lack_of_binary_hardening/lack_of_jailbreak_detection/template.md +++ b/submissions/description/lack_of_binary_hardening/lack_of_jailbreak_detection/template.md 
@@ -6,7 +6,7 @@ A lack of jailbreak (iOS) or root access (Android) detections in an application ## Business Impact -This vulnerability can lead to indirect financial loss to the company due to data theft, application manipulation and corruption, or denial of service to customers and users of the application. It can also lead to reputational damage as customers may view the application as insecure. +This vulnerability can lead to indirect financial loss to the company due to data theft, application manipulation and corruption, or Denial of Service to customers and users of the application. It can also lead to reputational damage as customers may view the application as insecure. ## Steps to Reproduce diff --git a/submissions/description/lack_of_binary_hardening/lack_of_obfuscation/template.md b/submissions/description/lack_of_binary_hardening/lack_of_obfuscation/template.md index c4299097..fc562b17 100644 --- a/submissions/description/lack_of_binary_hardening/lack_of_obfuscation/template.md +++ b/submissions/description/lack_of_binary_hardening/lack_of_obfuscation/template.md @@ -6,7 +6,7 @@ A lack of obfuscation of the source code of an application increases its attack ## Business Impact -This vulnerability can lead to indirect financial loss to the company due to data theft, application manipulation and corruption, or denial of service to customers and users of the application. It can also lead to reputational damage as customers may view the application as insecure. +This vulnerability can lead to indirect financial loss to the company due to data theft, application manipulation and corruption, or Denial of Service to customers and users of the application. It can also lead to reputational damage as customers may view the application as insecure. ## Steps to Reproduce 
diff --git a/submissions/description/lack_of_binary_hardening/runtime_instrumentation_based/template.md b/submissions/description/lack_of_binary_hardening/runtime_instrumentation_based/template.md index d03aa4f3..94dbb17c 100644 --- a/submissions/description/lack_of_binary_hardening/runtime_instrumentation_based/template.md +++ b/submissions/description/lack_of_binary_hardening/runtime_instrumentation_based/template.md @@ -6,7 +6,7 @@ A lack of runtime instrumentation-based binary hardening of an application incre ## Business Impact -This vulnerability can lead to indirect financial loss to the company due to data theft, application manipulation and corruption, or denial of service to customers and users of the application. It can also lead to reputational damage as customers may view the application as insecure. +This vulnerability can lead to indirect financial loss to the company due to data theft, application manipulation and corruption, or Denial of Service to customers and users of the application. It can also lead to reputational damage as customers may view the application as insecure. ## Steps to Reproduce diff --git a/submissions/description/lack_of_binary_hardening/template.md b/submissions/description/lack_of_binary_hardening/template.md index a2fb4091..d6c79f93 100644 --- a/submissions/description/lack_of_binary_hardening/template.md +++ b/submissions/description/lack_of_binary_hardening/template.md 
@@ -6,7 +6,7 @@ A lack of binary hardening of an application increases its attack surface and le ## Business Impact -This vulnerability can lead to indirect financial loss to the company due to data theft, application manipulation and corruption, or denial of service to customers and users of the application. It can also lead to reputational damage as customers may view the application as insecure. +This vulnerability can lead to indirect financial loss to the company due to data theft, application manipulation and corruption, or Denial of Service to customers and users of the application. It can also lead to reputational damage as customers may view the application as insecure. ## Steps to Reproduce From c573b05b3f6280de752bbda16679cc3aebf11c6e Mon Sep 17 00:00:00 2001 From: Ryan Rudder <96507400+RRudder@users.noreply.github.com> Date: Fri, 24 Nov 2023 13:16:31 +1000 Subject: [PATCH 2/9] Replaced Navigate to {{url}} with Navigate to the following URL: {{url}} --- .../app_crash/malformed_android_intents/template.md | 2 +- .../app_crash/malformed_ios_url_schemes/template.md | 2 +- .../app_crash/template.md | 2 +- .../application_level_denial_of_service_dos/template.md | 2 +- .../user_password_persisted_in_memory/template.md | 2 +- .../template.md | 2 +- submissions/description/insecure_data_storage/template.md | 2 +- .../clipboard_enabled/template.md | 2 +- .../mobile_security_misconfiguration/tapjacking/template.md | 2 +- 9 files changed, 9 insertions(+), 9 deletions(-) diff --git a/submissions/description/application_level_denial_of_service_dos/app_crash/malformed_android_intents/template.md b/submissions/description/application_level_denial_of_service_dos/app_crash/malformed_android_intents/template.md index 839f91e6..2c4d741d 100644 --- a/submissions/description/application_level_denial_of_service_dos/app_crash/malformed_android_intents/template.md 
+++ b/submissions/description/application_level_denial_of_service_dos/app_crash/malformed_android_intents/template.md @@ -12,7 +12,7 @@ Application-level DoS can result in indirect financial loss for the business thr ## Steps to Reproduce -1. Navigate to {{url}} +1. Navigate to the following URL: {{url}} 1. Use the following payload: {{payload}} diff --git a/submissions/description/application_level_denial_of_service_dos/app_crash/malformed_ios_url_schemes/template.md b/submissions/description/application_level_denial_of_service_dos/app_crash/malformed_ios_url_schemes/template.md index 04700418..96d6de64 100644 --- a/submissions/description/application_level_denial_of_service_dos/app_crash/malformed_ios_url_schemes/template.md +++ b/submissions/description/application_level_denial_of_service_dos/app_crash/malformed_ios_url_schemes/template.md @@ -12,7 +12,7 @@ Application-level DoS can result in indirect financial loss for the business thr ## Steps to Reproduce -1. Navigate to {{url}} +1. Navigate to the following URL: {{url}} 1. Use the following payload: {{payload}} diff --git a/submissions/description/application_level_denial_of_service_dos/app_crash/template.md b/submissions/description/application_level_denial_of_service_dos/app_crash/template.md index e5e79d3c..16b31590 100644 --- a/submissions/description/application_level_denial_of_service_dos/app_crash/template.md +++ b/submissions/description/application_level_denial_of_service_dos/app_crash/template.md @@ -12,7 +12,7 @@ Application-level DoS can result in indirect financial loss for the business thr ## Steps to Reproduce -1. Navigate to {{url}} +1. Navigate to the following URL: {{url}} 1. Use the following payload: {{payload}} diff --git a/submissions/description/application_level_denial_of_service_dos/template.md b/submissions/description/application_level_denial_of_service_dos/template.md index 1e81788f..57b0c41d 100644 --- a/submissions/description/application_level_denial_of_service_dos/template.md 
+++ b/submissions/description/application_level_denial_of_service_dos/template.md @@ -12,7 +12,7 @@ Application-level DoS can result in indirect financial loss for the business thr ## Steps to Reproduce -1. Navigate to {{url}} +1. Navigate to the following URL: {{url}} 1. Use the following payload: {{payload}} diff --git a/submissions/description/external_behavior/user_password_persisted_in_memory/template.md b/submissions/description/external_behavior/user_password_persisted_in_memory/template.md index 047be757..9d7d2a70 100644 --- a/submissions/description/external_behavior/user_password_persisted_in_memory/template.md +++ b/submissions/description/external_behavior/user_password_persisted_in_memory/template.md @@ -12,7 +12,7 @@ This vulnerability can lead to reputational damage for the business due to a los 1. Utilize some software that allows computer memory to be accessed in a human-readable format 1. Log in to the application -1. Navigate to {{url}} and perform {{action}} +1. Navigate to the following URL: {{url}} and perform {{action}} 1. Cease using the application 1. Using the computer memory viewer, view the password of the user that remained in memory after use diff --git a/submissions/description/insecure_data_storage/non_sensitive_application_data_stored_unencrypted/template.md b/submissions/description/insecure_data_storage/non_sensitive_application_data_stored_unencrypted/template.md index 39e82811..fa2b7d6c 100644 --- a/submissions/description/insecure_data_storage/non_sensitive_application_data_stored_unencrypted/template.md +++ b/submissions/description/insecure_data_storage/non_sensitive_application_data_stored_unencrypted/template.md 
@@ -12,7 +12,7 @@ This vulnerability can lead to reputational damage and indirect financial loss t 1. Login to the application and input data so that it is stored by the application 1. Navigate to where the application stores the gathered information -1. Navigate to {{url}} +1. Navigate to the following URL: {{url}} 1. Observe the application data that is stored unencrypted ## Proof of Concept (PoC) diff --git a/submissions/description/insecure_data_storage/template.md b/submissions/description/insecure_data_storage/template.md index a4dc69a2..9cc5ce0b 100644 --- a/submissions/description/insecure_data_storage/template.md +++ b/submissions/description/insecure_data_storage/template.md @@ -12,7 +12,7 @@ This vulnerability can lead to reputational damage and indirect financial loss t 1. Login to the application and input data so that it is stored by the application 1. Navigate to where the application stores the gathered information -1. Navigate to {{url}} +1. Navigate to the following URL: {{url}} 1. Observe the application data that is stored unencrypted ## Proof of Concept (PoC) diff --git a/submissions/description/mobile_security_misconfiguration/clipboard_enabled/template.md b/submissions/description/mobile_security_misconfiguration/clipboard_enabled/template.md index 29a3f4d4..934f7f5f 100644 --- a/submissions/description/mobile_security_misconfiguration/clipboard_enabled/template.md +++ b/submissions/description/mobile_security_misconfiguration/clipboard_enabled/template.md @@ -13,7 +13,7 @@ This vulnerability can lead to reputational damage as customers may view the app ## Steps to Reproduce 1. Install the application on your mobile device -1. Navigate to {{url}} and copy some sensitive account information +1. Navigate to the following URL: {{url}} and copy some sensitive account information 1. Paste this data in some other area of your mobile device and observe that access to the clipboard was enabled in the application ## Proof of Concept (PoC) 
diff --git a/submissions/description/mobile_security_misconfiguration/tapjacking/template.md b/submissions/description/mobile_security_misconfiguration/tapjacking/template.md index c4b77353..9d2a180d 100644 --- a/submissions/description/mobile_security_misconfiguration/tapjacking/template.md +++ b/submissions/description/mobile_security_misconfiguration/tapjacking/template.md @@ -13,7 +13,7 @@ This vulnerability can lead to reputational damage as customers may view the app ## Steps to Reproduce 1. View the source code files of the application -1. Navigate to {{url}} and view the sensitive UI functionality does not have the attribute `"filterTouchesWhenObscured="true"`, thus allowing tapjacking attacks on certain Android OS versions +1. Navigate to the following URL: {{url}} and view the sensitive UI functionality does not have the attribute `"filterTouchesWhenObscured="true"`, thus allowing tapjacking attacks on certain Android OS versions ## Proof of Concept (PoC) From a50272f428f2aaab764cae58cd1a0fe35036c12b Mon Sep 17 00:00:00 2001 
From: Ryan Rudder <96507400+RRudder@users.noreply.github.com> Date: Mon, 27 Nov 2023 15:15:47 +1000 Subject: [PATCH 3/9] Update first instances of SSL Updated all first instances of SSL to read as Secure Sockets Layer (SSL) --- .../ssl_certificate_pinning/absent/recommendations.md | 2 +- .../ssl_certificate_pinning/absent/template.md | 4 ++-- .../defeatable/recommendations.md | 2 +- .../ssl_certificate_pinning/defeatable/template.md | 4 ++-- .../ssl_certificate_pinning/recommendations.md | 2 +- .../ssl_certificate_pinning/template.md | 4 ++-- .../pii_leakage_exposure/template.md | 2 +- .../description/sensitive_data_exposure/template.md | 2 +- .../insecure_ssl/insecure_cipher_suite/template.md | 10 +++++----- .../insecure_ssl/recommendations.md | 2 +- .../insecure_ssl/template.md | 8 ++++---- .../ssl_attack_breach_poodle_etc/template.md | 4 ++-- .../open_redirect/flash_based/template.md | 2 +- .../open_redirect/get_based/template.md | 2 +- .../open_redirect/header_based/template.md | 2 +- .../open_redirect/post_based/template.md | 2 +- .../open_redirect/template.md | 2 +- .../unvalidated_redirects_and_forwards/template.md | 2 +- 18 files changed, 29 insertions(+), 29 deletions(-) diff --git a/submissions/description/mobile_security_misconfiguration/ssl_certificate_pinning/absent/recommendations.md b/submissions/description/mobile_security_misconfiguration/ssl_certificate_pinning/absent/recommendations.md index 1d76d600..31833091 100644 --- a/submissions/description/mobile_security_misconfiguration/ssl_certificate_pinning/absent/recommendations.md +++ b/submissions/description/mobile_security_misconfiguration/ssl_certificate_pinning/absent/recommendations.md 
@@ -1,6 +1,6 @@ # Recommendation(s) -It is recommended to implement SSL certificate pinning for the application. +It is recommended to implement Sockets Layer (SSL) certificate pinning for the application. It is also recommended that the mobile application’s security is managed through a repeatable configuration process which covers application hardening, updates, and patches. There should be a verification process through the development and delivery cycles which tests the effectiveness of the configurations and settings. diff --git a/submissions/description/mobile_security_misconfiguration/ssl_certificate_pinning/absent/template.md b/submissions/description/mobile_security_misconfiguration/ssl_certificate_pinning/absent/template.md index 535a4930..8d0d0817 100644 --- a/submissions/description/mobile_security_misconfiguration/ssl_certificate_pinning/absent/template.md +++ b/submissions/description/mobile_security_misconfiguration/ssl_certificate_pinning/absent/template.md 
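Review bot: The + line in ssl_certificate_pinning/absent/recommendations.md drops the word "Secure": "implement Sockets Layer (SSL) certificate pinning" should read "implement Secure Sockets Layer (SSL) certificate pinning", matching the expansion used in ssl_certificate_pinning/recommendations.md later in this commit.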
@@ -1,8 +1,8 @@ -# Mobile Security Misconfiguration (SSL Certificate Pinning Absent) +# Absent Sockets Layer (SSL) Certificate Pinning ## Overview of the Vulnerability -Mobile security misconfigurations can occur at any level of the application stack and can involve unpatched software, unprotected files or pages, or unauthorized access to the application. SSL pinning adds an extra layer of security for an application as it forces the application to validate the server’s CA certificate against a known copy. +Mobile security misconfigurations can occur at any level of the application stack and can involve unpatched software, unprotected files or pages, or unauthorized access to the application. Sockets Layer (SSL) pinning adds an extra layer of security for an application as it forces the application to validate the server’s CA certificate against a known copy. Without SSL certificate pinning, an attacker could perform a Person-in-the-Middle (PitM) attack on the user. With access to sensitive data through a PitM attack they could perform further attacks on the application, the business, or its users. diff --git a/submissions/description/mobile_security_misconfiguration/ssl_certificate_pinning/defeatable/recommendations.md b/submissions/description/mobile_security_misconfiguration/ssl_certificate_pinning/defeatable/recommendations.md index ec955ddb..9ecdd159 100644 --- a/submissions/description/mobile_security_misconfiguration/ssl_certificate_pinning/defeatable/recommendations.md +++ b/submissions/description/mobile_security_misconfiguration/ssl_certificate_pinning/defeatable/recommendations.md 
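Review bot: Both + lines in ssl_certificate_pinning/absent/template.md expand the acronym as "Sockets Layer (SSL)", missing "Secure": the title should be "# Absent Secure Sockets Layer (SSL) Certificate Pinning" and the overview sentence "Secure Sockets Layer (SSL) pinning adds an extra layer of security". The unchanged second paragraph keeps "Person-in-the-Middle (PitM)" while the insecure_ssl hunks in this same commit switch to "Man-in-the-Middle (MitM)"; pick one term for the repository.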
@@ -1,6 +1,6 @@ # Recommendation(s) -It is recommended to securely implement SSL certificate pinning for the application. +It is recommended to securely implement Sockets Layer (SSL) certificate pinning for the application. It is also recommended that the mobile application’s security is managed through a repeatable configuration process which covers application hardening, updates, and patches. There should be a verification process through the development and delivery cycles which tests the effectiveness of the configurations and settings. diff --git a/submissions/description/mobile_security_misconfiguration/ssl_certificate_pinning/defeatable/template.md b/submissions/description/mobile_security_misconfiguration/ssl_certificate_pinning/defeatable/template.md index 204693c4..b014e17c 100644 --- a/submissions/description/mobile_security_misconfiguration/ssl_certificate_pinning/defeatable/template.md +++ b/submissions/description/mobile_security_misconfiguration/ssl_certificate_pinning/defeatable/template.md 
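Review bot: Same omission in ssl_certificate_pinning/defeatable/recommendations.md: "securely implement Sockets Layer (SSL) certificate pinning" should be "securely implement Secure Sockets Layer (SSL) certificate pinning".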
@@ -1,8 +1,8 @@ -# Mobile Security Misconfiguration (SSL Certificate Pinning Defeatable) +# Defeatable Secure Sockets Layer (SSL) Certificate Pinning ## Overview of the Vulnerability -Mobile security misconfigurations can occur at any level of the application stack and can involve unpatched software, unprotected files or pages, or unauthorized access to the application. SSL pinning adds an extra layer of security for an application as it forces the application to validate the server’s CA certificate against a known copy. +Mobile security misconfigurations can occur at any level of the application stack and can involve unpatched software, unprotected files or pages, or unauthorized access to the application. Sockets Layer (SSL) pinning adds an extra layer of security for an application as it forces the application to validate the server’s CA certificate against a known copy. When SSL certificate pinning is defeatable, an attacker could perform a Person-in-the-Middle (PitM) attack on the user. With access to sensitive data through a PitM attack they could perform further attacks on the application, the business, or its users. diff --git a/submissions/description/mobile_security_misconfiguration/ssl_certificate_pinning/recommendations.md b/submissions/description/mobile_security_misconfiguration/ssl_certificate_pinning/recommendations.md index ec955ddb..9c5ee801 100644 --- a/submissions/description/mobile_security_misconfiguration/ssl_certificate_pinning/recommendations.md +++ b/submissions/description/mobile_security_misconfiguration/ssl_certificate_pinning/recommendations.md 
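Review bot: The new title in ssl_certificate_pinning/defeatable/template.md is correct ("Defeatable Secure Sockets Layer (SSL) Certificate Pinning"), but the overview + line two lines later still reads "Sockets Layer (SSL) pinning adds an extra layer of security"; make it "Secure Sockets Layer (SSL) pinning" so the body matches the title.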
@@ -1,6 +1,6 @@ # Recommendation(s) -It is recommended to securely implement SSL certificate pinning for the application. +It is recommended to securely implement Secure Sockets Layer (SSL) certificate pinning for the application. It is also recommended that the mobile application’s security is managed through a repeatable configuration process which covers application hardening, updates, and patches. There should be a verification process through the development and delivery cycles which tests the effectiveness of the configurations and settings. diff --git a/submissions/description/mobile_security_misconfiguration/ssl_certificate_pinning/template.md b/submissions/description/mobile_security_misconfiguration/ssl_certificate_pinning/template.md index 58f34e24..0a27f13e 100644 --- a/submissions/description/mobile_security_misconfiguration/ssl_certificate_pinning/template.md +++ b/submissions/description/mobile_security_misconfiguration/ssl_certificate_pinning/template.md 
@@ -1,8 +1,8 @@ -# Mobile Security Misconfiguration (SSL Certificate Pinning) +# Secure Sockets Layer (SSL) Certificate Pinning ## Overview of the Vulnerability -Mobile security misconfigurations can occur at any level of the application stack and can involve unpatched software, unprotected files or pages, or unauthorized access to the application. SSL pinning adds an extra layer of security for an application as it forces the application to validate the server’s CA certificate against a known copy. +Mobile security misconfigurations can occur at any level of the application stack and can involve unpatched software, unprotected files or pages, or unauthorized access to the application. Secure Sockets Layer (SSL) pinning adds an extra layer of security for an application as it forces the application to validate the server’s CA certificate against a known copy. When SSL certificate pinning is misconfigured, an attacker could perform a Person-in-the-Middle (PitM) attack on the user. With access to sensitive data through a PitM attack they could perform further attacks on the application, the business, or its users. diff --git a/submissions/description/sensitive_data_exposure/pii_leakage_exposure/template.md b/submissions/description/sensitive_data_exposure/pii_leakage_exposure/template.md index 371ee144..32cc59c6 100644 --- a/submissions/description/sensitive_data_exposure/pii_leakage_exposure/template.md +++ b/submissions/description/sensitive_data_exposure/pii_leakage_exposure/template.md 
@@ -2,7 +2,7 @@ ## Overview of the Vulnerability -Personally Identifiable Information (PII) exposure can occur when sensitive data is not encrypted, or behind an authorization barrier. When PII is exposed it can place sensitive data, such as secrets, at risk. This can occur due to a variety of scenarios such as not encrypting data, SSL not being used for authenticated pages, or passwords being stored using unsalted hashes. Examples of such data include, but are not limited to: Social Security Numbers (SSN), medical data, banking information, and login credentials. +Personally Identifiable Information (PII) exposure can occur when sensitive data is not encrypted, or behind an authorization barrier. When PII is exposed it can place sensitive data, such as secrets, at risk. This can occur due to a variety of scenarios such as not encrypting data, Secure Sockets Layer (SSL) not being used for authenticated pages, or passwords being stored using unsalted hashes. Examples of such data include, but are not limited to: Social Security Numbers (SSN), medical data, banking information, and login credentials. Sensitive data relating to the business was exposed. This data could be exfiltrated and used by an attacker to sell access to databases and database content, or use credentials identified to take over accounts, amongst other attack vectors. diff --git a/submissions/description/sensitive_data_exposure/template.md b/submissions/description/sensitive_data_exposure/template.md index 31584f4f..0851d903 100644 --- a/submissions/description/sensitive_data_exposure/template.md +++ b/submissions/description/sensitive_data_exposure/template.md 
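Review bot: The + line in pii_leakage_exposure/template.md keeps the ambiguous opening "sensitive data is not encrypted, or behind an authorization barrier", which reads as though being behind an authorization barrier causes exposure; since the whole sentence is being rewritten, suggest "not encrypted or not placed behind an authorization barrier". The identical sentence appears in the sensitive_data_exposure/template.md hunk that follows.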
@@ -2,7 +2,7 @@ ## Overview of the Vulnerability -Sensitive data exposure can occur when sensitive data is not encrypted, or behind an authorization barrier. When this information is exposed it can place sensitive data, such as secrets, at risk. This can occur due to a variety of scenarios such as not encrypting data, SSL not being used for authenticated pages, or passwords being stored using unsalted hashes. Examples of such data include, but are not limited to: personally identifiable information (PII), Social Security numbers, medical data, banking information, and login credentials. +Sensitive data exposure can occur when sensitive data is not encrypted, or behind an authorization barrier. When this information is exposed it can place sensitive data, such as secrets, at risk. This can occur due to a variety of scenarios such as not encrypting data, Secure Sockets Layer (SSL) not being used for authenticated pages, or passwords being stored using unsalted hashes. Examples of such data include, but are not limited to: personally identifiable information (PII), Social Security numbers, medical data, banking information, and login credentials. Sensitive data relating to the business was exposed. This data could be exfiltrated and used by an attacker to sell access to databases and database content, or use credentials identified to take over accounts, amongst other attack vectors. diff --git a/submissions/description/server_security_misconfiguration/insecure_ssl/insecure_cipher_suite/template.md b/submissions/description/server_security_misconfiguration/insecure_ssl/insecure_cipher_suite/template.md index 26ef39ac..05d75817 100644 --- a/submissions/description/server_security_misconfiguration/insecure_ssl/insecure_cipher_suite/template.md +++ b/submissions/description/server_security_misconfiguration/insecure_ssl/insecure_cipher_suite/template.md 
@@ -2,8 +2,8 @@ ## Overview of the Vulnerability -Cipher suites are the encryption algorithms used to negotiate the security of the TLS handshake between a client and a server, as well as the transfer of data. There are multiple cipher suites which vary depending on order of use and which TLS protocol is supported. Insecure cipher suites are those with known vulnerabilities which can lead to client and server connection being vulnerable. -An attacker can use the weak cipher suite implementation for this application to break the chain of trust between the client and the server and execute a Denial of Service (DoS) attack, or Person-in-The-Middle (PitM) the connection to view or manipulate data in transit. +Cipher suites are the encryption algorithms used to negotiate the security of the Transport Layer Security (TLS) handshake between a client and a server, as well as the transfer of data. There are multiple cipher suites which vary depending on order of use and which TLS protocol is supported. Insecure cipher suites are those with known vulnerabilities which can lead to client and server connection being vulnerable. +An attacker can use the weak cipher suite implementation for this application to break the chain of trust between the client and the server and execute a Denial of Service (DoS) attack, or Man-in-the-Middle (MitM) the connection to view or manipulate data in transit. ## Business Impact @@ -18,6 +18,6 @@ Insecure cipher suites can lead to reputational damage for the business due to a ## Proof of Concept (PoC) -The screenshot below demonstrates the insecure cipher suite: - -{{screenshot}} +The screenshot(s) below demonstrate(s) the vulnerability: +> +> {{screenshot}} diff --git a/submissions/description/server_security_misconfiguration/insecure_ssl/recommendations.md b/submissions/description/server_security_misconfiguration/insecure_ssl/recommendations.md index 8baf2e1c..25713e6c 100644 
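Review bot: Two points on the insecure_cipher_suite/template.md hunks. In the overview hunk the second + line changes "Person-in-The-Middle (PitM)" to "Man-in-the-Middle (MitM)", which is outside the commit subject ("Update first instances of SSL") and conflicts with the "Person-in-the-Middle (PitM)" wording kept in the ssl_certificate_pinning templates in this same commit; the terminology change belongs in its own commit once one term is agreed. In the PoC hunk the replacement wraps the screenshot placeholder in blockquote lines ("> " followed by "> {{screenshot}}"), leaving a bare ">" line and diverging from every other template in this series, which keeps "{{screenshot}}" unquoted; suggest dropping the ">" prefixes.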
--- a/submissions/description/server_security_misconfiguration/insecure_ssl/recommendations.md +++ b/submissions/description/server_security_misconfiguration/insecure_ssl/recommendations.md @@ -4,6 +4,6 @@ It is recommended that only strong protocols, such as TLS 1.3, and strong cipher For more information, please see: -- - - +- diff --git a/submissions/description/server_security_misconfiguration/insecure_ssl/template.md b/submissions/description/server_security_misconfiguration/insecure_ssl/template.md index 0dd79626..883e9d99 100644 --- a/submissions/description/server_security_misconfiguration/insecure_ssl/template.md +++ b/submissions/description/server_security_misconfiguration/insecure_ssl/template.md @@ -1,10 +1,10 @@ -# Insecure SSL +# Insecure Secure Socket Layer (SSL) ## Overview of the Vulnerability -Insecure SSL refers to implementation flaws within the configuration of Secure Socket Layer (SSL)/Transport Layer Security (TLS), the security of the transport layer through encryption. +Transport Layer Security (TLS) is the successor to Secure Sockets Layer (SSL). Insecure SSL refers to implementation flaws within the configuration of TLS, or use of the insecure SSL protocols. -The insecure configuration of SSL within this application can lead to the connection between client and server being vulnerable. An attacker can use this weakness to execute a Denial of Service (DoS) attack, or Person-in-The-Middle (PiTM) the connection between the client and server to view or manipulate data in transit. +The insecure configuration of TLS within this application can lead to the connection between client and server being vulnerable. An attacker can use this weakness to execute a Denial of Service (DoS) attack, or Man-in-the-Middle (MitM) the connection between the client and server to view or manipulate data in transit. ## Business Impact 
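Review bot: In the insecure_ssl/recommendations.md hunk the three empty "- " bullets under "For more information, please see:" are collapsed to a single empty "- " bullet, which still renders as a blank list item; either add the reference URL or remove the list and its lead-in. In the insecure_ssl/template.md hunk the new title "# Insecure Secure Socket Layer (SSL)" reads oddly and uses "Socket" where the + paragraph below it uses "Secure Sockets Layer (SSL)"; suggest keeping "# Insecure SSL" (or "# Insecure SSL/TLS") as the title and expanding the acronym in the body only. That same + paragraph also switches to "Man-in-the-Middle (MitM)", inconsistent with the PitM wording retained in the pinning templates in this commit.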
@@ -19,6 +19,6 @@ Insecure SSL can lead to reputational damage for the business due to a loss in c ## Proof of Concept (PoC) -The screenshot below demonstrates the insecure SSL: +The screenshot(s) below demonstrate(s) the vulnerability: {{screenshot}} diff --git a/submissions/description/server_security_misconfiguration/ssl_attack_breach_poodle_etc/template.md b/submissions/description/server_security_misconfiguration/ssl_attack_breach_poodle_etc/template.md index ec6e990d..3b1804e7 100644 --- a/submissions/description/server_security_misconfiguration/ssl_attack_breach_poodle_etc/template.md +++ b/submissions/description/server_security_misconfiguration/ssl_attack_breach_poodle_etc/template.md @@ -1,8 +1,8 @@ -# SSL Attack BREACH and POODLE +# Secure Sockets Layer (SSL) Attack BREACH or POODLE ## Overview of the Vulnerability -Browser Reconnaissance & Exfiltration via Adaptive Compression of Hypertext (BREACH) and Padding Oracle On Downgraded Legacy Encryption (POODLE) are vulnerabilities in SSL and TLS that allows a malicious attacker to injection plaintext into a victim's request or force an SSL downgrade to decrypt encrypted data over thousands of requests. This application is vulnerable to a BREACH/POODLE attack as it supports outdated versions of SSL or TLS. +Browser Reconnaissance & Exfiltration via Adaptive Compression of Hypertext (BREACH) and Padding Oracle On Downgraded Legacy Encryption (POODLE) are vulnerabilities in Secure Sockets Layer (SSL) and Transport Layer Security (TLS) that allows a malicious attacker to injection plaintext into a victim's request or force an SSL downgrade to decrypt encrypted data over thousands of requests. This application is vulnerable to a BREACH/POODLE attack as it supports outdated versions of SSL or TLS. ## Business Impact 
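Review bot: The rewritten overview in ssl_attack_breach_poodle_etc/template.md still carries the grammar errors "vulnerabilities ... that allows a malicious attacker to injection plaintext" (should be "that allow ... to inject plaintext"), and, more substantively, it presents BREACH as a vulnerability in SSL/TLS enabled by outdated protocol versions. BREACH is a side channel on HTTP response compression and works against current TLS versions; only POODLE depends on SSL 3.0 and protocol downgrade. Suggest splitting the sentence so each attack gets its own accurate description and remediation (disable compression of HTTP responses that reflect user input for BREACH; disable SSLv3 and downgrade fallback for POODLE), since the current closing sentence "as it supports outdated versions of SSL or TLS" only applies to POODLE.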
diff --git a/submissions/description/unvalidated_redirects_and_forwards/open_redirect/flash_based/template.md b/submissions/description/unvalidated_redirects_and_forwards/open_redirect/flash_based/template.md index 9b92b396..8fb40ab2 100644 --- a/submissions/description/unvalidated_redirects_and_forwards/open_redirect/flash_based/template.md +++ b/submissions/description/unvalidated_redirects_and_forwards/open_redirect/flash_based/template.md @@ -2,7 +2,7 @@ ## Overview of the Vulnerability -Open redirects enable an attacker to manipulate a user by redirecting them to a malicious site. A flash-based open redirect was identified which can impact users’ ability to trust legitimate web pages. An attacker can send a phishing email that contains a link with a legitimate business name in the URL and the user will be redirected from the legitimate web server to any external domain. Users are less likely to notice subsequent redirects to different domains when an authentic URL with a valid SSL certificate can be used within the phishing link. +Open redirects enable an attacker to manipulate a user by redirecting them to a malicious site. A flash-based open redirect was identified which can impact users’ ability to trust legitimate web pages. An attacker can send a phishing email that contains a link with a legitimate business name in the URL and the user will be redirected from the legitimate web server to any external domain. Users are less likely to notice subsequent redirects to different domains when an authentic URL with a valid Secure Sockets Layer (SSL) certificate can be used within the phishing link. This type of attack is also a precursor for more serious vulnerabilities such as Cross-Site Scripting (XSS), Server-Side Request Forgery (SSRF), Cross-Site Request Forgery (CSRF), or successful phishing attempts where an attacker can harvest users’ credentials or gain users’ OAuth access. 
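Review bot: "valid Secure Sockets Layer (SSL) certificate" in the flash_based/template.md + line expands a term the same commit elsewhere describes as superseded (insecure_ssl/template.md now states that TLS is the successor to SSL). The certificate a browser validates is an X.509 certificate presented over TLS, so "valid TLS certificate" (or "SSL/TLS certificate") would be both accurate and consistent; the same phrase recurs in the get_based, header_based, post_based and open_redirect templates and in unvalidated_redirects_and_forwards/template.md below, so apply the same choice to all of them.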
diff --git a/submissions/description/unvalidated_redirects_and_forwards/open_redirect/get_based/template.md b/submissions/description/unvalidated_redirects_and_forwards/open_redirect/get_based/template.md index 9d9b0015..eecde5c4 100644 --- a/submissions/description/unvalidated_redirects_and_forwards/open_redirect/get_based/template.md +++ b/submissions/description/unvalidated_redirects_and_forwards/open_redirect/get_based/template.md 
@@ -2,7 +2,7 @@ ## Overview of the Vulnerability -Open redirects enable an attacker to manipulate a user by redirecting them to a malicious site. A GET-based open redirect was identified which can impact users' ability to trust legitimate web pages. An attacker can send a phishing email that contains a link with a legitimate business name in the URL and the user will be redirected from the legitimate web server to any external domain. Users are less likely to notice subsequent redirects to different domains when an authentic URL with a valid SSL certificate can be used within the phishing link. +Open redirects enable an attacker to manipulate a user by redirecting them to a malicious site. A GET-based open redirect was identified which can impact users' ability to trust legitimate web pages. An attacker can send a phishing email that contains a link with a legitimate business name in the URL and the user will be redirected from the legitimate web server to any external domain. Users are less likely to notice subsequent redirects to different domains when an authentic URL with a valid Secure Sockets Layer (SSL) certificate can be used within the phishing link. This type of attack is also a precursor for more serious vulnerabilities such as Cross-Site Scripting (XSS), Server-Side Request Forgery (SSRF), Cross-Site Request Forgery (CSRF), or successful phishing attempts where an attacker can harvest users' credentials or gain users' OAuth access by relaying them through an Open Redirection, to a server they control (and can see the inbound requests from). diff --git a/submissions/description/unvalidated_redirects_and_forwards/open_redirect/header_based/template.md b/submissions/description/unvalidated_redirects_and_forwards/open_redirect/header_based/template.md index d1927f26..879580fe 100644 --- a/submissions/description/unvalidated_redirects_and_forwards/open_redirect/header_based/template.md 
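Review bot: Beyond the SSL expansion, the unchanged closing sentence of the get_based/template.md hunk, "gain users' OAuth access by relaying them through an Open Redirection, to a server they control (and can see the inbound requests from).", is hard to parse because of the stray comma, the capitalised "Open Redirection" and the trailing parenthetical; suggest "gain users' OAuth access by relaying them through the open redirect to a server they control, where they can observe the inbound requests." The same sentence appears in the open_redirect/template.md and unvalidated_redirects_and_forwards/template.md hunks later in this commit.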
+++ b/submissions/description/unvalidated_redirects_and_forwards/open_redirect/header_based/template.md @@ -2,7 +2,7 @@ ## Overview of the Vulnerability -Open redirects enable an attacker to manipulate a user by redirecting them to a malicious site. A header-based open redirection was identified which can impact users’ ability to trust legitimate web pages. An attacker can send a phishing email that contains a link with a legitimate business name in the URL and the user will be redirected from the legitimate web server to any external domain. Users are less likely to notice subsequent redirects to different domains when an authentic URL with a valid SSL certificate can be used within the phishing link. +Open redirects enable an attacker to manipulate a user by redirecting them to a malicious site. A header-based open redirection was identified which can impact users’ ability to trust legitimate web pages. An attacker can send a phishing email that contains a link with a legitimate business name in the URL and the user will be redirected from the legitimate web server to any external domain. Users are less likely to notice subsequent redirects to different domains when an authentic URL with a valid Secure Sockets Layer (SSL) certificate can be used within the phishing link. This type of attack is also a precursor for more serious vulnerabilities such as Cross-Site Scripting (XSS), Server-Side Request Forgery (SSRF), Cross-Site Request Forgery (CSRF), or successful phishing attempts where an attacker can harvest users’ credentials or gain users’ OAuth access. diff --git a/submissions/description/unvalidated_redirects_and_forwards/open_redirect/post_based/template.md b/submissions/description/unvalidated_redirects_and_forwards/open_redirect/post_based/template.md index e4079b5f..de0ba7b7 100644 --- a/submissions/description/unvalidated_redirects_and_forwards/open_redirect/post_based/template.md 
+++ b/submissions/description/unvalidated_redirects_and_forwards/open_redirect/post_based/template.md @@ -2,7 +2,7 @@ ## Overview of the Vulnerability -Open redirects enable an attacker to manipulate a user by redirecting them to a malicious site. A POST-based open redirection was identified which can impact users’ ability to trust legitimate web pages. An attacker can send a phishing email that contains a link with a legitimate business name in the URL and the user will be redirected from the legitimate web server to any external domain. Users are less likely to notice subsequent redirects to different domains when an authentic URL with a valid SSL certificate can be used within the phishing link. +Open redirects enable an attacker to manipulate a user by redirecting them to a malicious site. A POST-based open redirection was identified which can impact users’ ability to trust legitimate web pages. An attacker can send a phishing email that contains a link with a legitimate business name in the URL and the user will be redirected from the legitimate web server to any external domain. Users are less likely to notice subsequent redirects to different domains when an authentic URL with a valid Secure Sockets Layer (SSL) certificate can be used within the phishing link. This type of attack is also a precursor for more serious vulnerabilities such as Cross-Site Scripting (XSS), Server-Side Request Forgery (SSRF), Cross-Site Request Forgery (CSRF), or successful phishing attempts where an attacker can harvest users’ credentials or gain users’ OAuth access. diff --git a/submissions/description/unvalidated_redirects_and_forwards/open_redirect/template.md b/submissions/description/unvalidated_redirects_and_forwards/open_redirect/template.md index 8a0f5ac3..f247fd22 100644 --- a/submissions/description/unvalidated_redirects_and_forwards/open_redirect/template.md +++ b/submissions/description/unvalidated_redirects_and_forwards/open_redirect/template.md 
@@ -2,7 +2,7 @@ ## Overview of the Vulnerability -Open redirects occur when an application accepts user input that is not validated into the target of a redirection. This input causes a redirection to an external domain, manipulating a user by redirecting them to a malicious site. An open redirect was identified which can impact users' ability to trust legitimate web pages. An attacker can send a phishing email that contains a link with a legitimate business name in the URL and the user will be redirected from the legitimate web server to any external domain. Users are less likely to notice subsequent redirects to different domains when an authentic URL with a valid SSL certificate can be used within the phishing link. +Open redirects occur when an application accepts user input that is not validated into the target of a redirection. This input causes a redirection to an external domain, manipulating a user by redirecting them to a malicious site. An open redirect was identified which can impact users' ability to trust legitimate web pages. An attacker can send a phishing email that contains a link with a legitimate business name in the URL and the user will be redirected from the legitimate web server to any external domain. Users are less likely to notice subsequent redirects to different domains when an authentic URL with a valid Secure Sockets Layer (SSL) certificate can be used within the phishing link. This type of attack is also a precursor for more serious vulnerabilities such as Cross-Site Scripting (XSS), Server-Side Request Forgery (SSRF), Cross-Site Request Forgery (CSRF), or successful phishing attempts where an attacker can harvest users' credentials or gain users' OAuth access by relaying them through an Open Redirection, to a server they control (and can see the inbound requests from). 
diff --git a/submissions/description/unvalidated_redirects_and_forwards/template.md b/submissions/description/unvalidated_redirects_and_forwards/template.md index 77ddc45e..2b269b78 100644 --- a/submissions/description/unvalidated_redirects_and_forwards/template.md +++ b/submissions/description/unvalidated_redirects_and_forwards/template.md 
@@ -2,7 +2,7 @@ ## Overview of the Vulnerability -Unvalidated redirects and forwards occur when an application accepts user input that is not validated into the target of a redirection. This input causes a redirection to an external domain, manipulating a user by redirecting them to a malicious site. An open redirect was identified which can impact users' ability to trust legitimate web pages. An attacker can send a phishing email that contains a link with a legitimate business name in the URL and the user will be redirected from the legitimate web server to any external domain. Users are less likely to notice subsequent redirects to different domains when an authentic URL with a valid SSL certificate can be used within the phishing link. +Unvalidated redirects and forwards occur when an application accepts user input that is not validated into the target of a redirection. This input causes a redirection to an external domain, manipulating a user by redirecting them to a malicious site. An open redirect was identified which can impact users' ability to trust legitimate web pages. An attacker can send a phishing email that contains a link with a legitimate business name in the URL and the user will be redirected from the legitimate web server to any external domain. Users are less likely to notice subsequent redirects to different domains when an authentic URL with a valid Secure Sockets Layer (SSL) certificate can be used within the phishing link. This type of attack is also a precursor for more serious vulnerabilities such as Cross-Site Scripting (XSS), Server-Side Request Forgery (SSRF), Cross-Site Request Forgery (CSRF), or successful phishing attempts where an attacker can harvest users' credentials or gain users' OAuth access by relaying them through an Open Redirection, to a server they control (and can see the inbound requests from). From 1e4fada41f266569accfba8bd6076cd641c42599 Mon Sep 17 00:00:00 2001 
From: Ryan Rudder <96507400+RRudder@users.noreply.github.com> Date: Mon, 27 Nov 2023 15:22:58 +1000 Subject: [PATCH 4/9] Removed hyphen from clickjacking --- .../content_security_policy/template.md | 2 +- .../content_security_policy_report_only/template.md | 2 +- .../lack_of_security_headers/template.md | 2 +- .../x_content_security_policy/template.md | 2 +- .../lack_of_security_headers/x_frame_options/template.md | 4 ++-- 5 files changed, 6 insertions(+), 6 deletions(-) diff --git a/submissions/description/server_security_misconfiguration/lack_of_security_headers/content_security_policy/template.md b/submissions/description/server_security_misconfiguration/lack_of_security_headers/content_security_policy/template.md index 03541186..bcbaecd4 100644 --- a/submissions/description/server_security_misconfiguration/lack_of_security_headers/content_security_policy/template.md +++ b/submissions/description/server_security_misconfiguration/lack_of_security_headers/content_security_policy/template.md 
@@ -2,7 +2,7 @@ ## Overview of the Vulnerability -A lack of the HTTP response header for Content Security Policy (CSP) can lead to sensitive user data being retrieved by an attacker and increases the attack surface for Cross-Site Scripting (XSS) and click-jacking attacks. There are multiple HTTP response headers used in communication between the server and client which can be implemented to improve security against well documented vulnerabilities. For example, the `Content-Security-Policy` security header allows admins to permissively control the types of resources allowed to load for a page. +A lack of the HTTP response header for Content Security Policy (CSP) can lead to sensitive user data being retrieved by an attacker and increases the attack surface for Cross-Site Scripting (XSS) and clickjacking attacks. There are multiple HTTP response headers used in communication between the server and client which can be implemented to improve security against well documented vulnerabilities. For example, the `Content-Security-Policy` security header allows admins to permissively control the types of resources allowed to load for a page. An advanced attacker can leverage a missing `Content-Security-Policy` header to launch XSS attacks and execute malicious code in a user’s browser. diff --git a/submissions/description/server_security_misconfiguration/lack_of_security_headers/content_security_policy_report_only/template.md b/submissions/description/server_security_misconfiguration/lack_of_security_headers/content_security_policy_report_only/template.md index 04356098..36a3dec6 100644 --- a/submissions/description/server_security_misconfiguration/lack_of_security_headers/content_security_policy_report_only/template.md +++ b/submissions/description/server_security_misconfiguration/lack_of_security_headers/content_security_policy_report_only/template.md 
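Review bot: The + line in content_security_policy/template.md keeps "allows admins to permissively control the types of resources allowed to load for a page"; CSP is an allowlist mechanism, so "permissively" gives the opposite impression. Suggest "allows administrators to restrict the sources from which resources may be loaded for a page".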
@@ -2,7 +2,7 @@ ## Overview of the Vulnerability -A lack of the HTTP response header for `Content-Security-Policy-Report-Only` can lead to sensitive user data being retrieved by an attacker through Cross-Site Scripting (XSS) and click-jacking attacks without being detected. There are multiple HTTP response headers used in communication between the server and client which can be implemented to improve security against well documented vulnerabilities. For example, the `Content-Security-Policy-Report-Only` security header allows for a report to be generated each time the browser detects a violation from the Content Security Policy (CSP). +A lack of the HTTP response header for `Content-Security-Policy-Report-Only` can lead to sensitive user data being retrieved by an attacker through Cross-Site Scripting (XSS) and clickjacking attacks without being detected. There are multiple HTTP response headers used in communication between the server and client which can be implemented to improve security against well documented vulnerabilities. For example, the `Content-Security-Policy-Report-Only` security header allows for a report to be generated each time the browser detects a violation from the Content Security Policy (CSP). An advanced attacker can leverage a missing `Content-Security-Policy-Report-Only` header to launch XSS attacks and execute malicious code in a user’s browser without detection. diff --git a/submissions/description/server_security_misconfiguration/lack_of_security_headers/template.md b/submissions/description/server_security_misconfiguration/lack_of_security_headers/template.md index 75879b6a..171272a9 100644 --- a/submissions/description/server_security_misconfiguration/lack_of_security_headers/template.md +++ b/submissions/description/server_security_misconfiguration/lack_of_security_headers/template.md 
@@ -2,7 +2,7 @@ ## Overview of the Vulnerability -A lack of HTTP response security headers can lead to sensitive user data being retrieved by an attacker through Cross-Site Scripting (XSS), Machine-in-the-Middle (MitM), click-jacking, and some local network attacks. There are multiple HTTP response headers used in communication between the server and client which can be implemented to improve security against well documented vulnerabilities. +A lack of HTTP response security headers can lead to sensitive user data being retrieved by an attacker through Cross-Site Scripting (XSS), Man-in-the-Middle (MitM), clickjacking, and some local network attacks. There are multiple HTTP response headers used in communication between the server and client which can be implemented to improve security against well documented vulnerabilities. An advanced attacker can leverage a missing security headers to bypass security controls of an application to execute code within a user's browser or capture data in transit. diff --git a/submissions/description/server_security_misconfiguration/lack_of_security_headers/x_content_security_policy/template.md b/submissions/description/server_security_misconfiguration/lack_of_security_headers/x_content_security_policy/template.md index 69699c5e..edd8ae20 100644 --- a/submissions/description/server_security_misconfiguration/lack_of_security_headers/x_content_security_policy/template.md +++ b/submissions/description/server_security_misconfiguration/lack_of_security_headers/x_content_security_policy/template.md 
@@ -2,7 +2,7 @@ ## Overview of the Vulnerability -A lack of the HTTP response header for `X-Content-Security-Policy` can lead to sensitive user data being retrieved by an attacker and increases the attack surface for Cross-Site Scripting (XSS) and click-jacking attacks. There are multiple HTTP response headers used in communication between the server and client which can be implemented to improve security against well documented vulnerabilities. For example, the `X-Content-Security-Policy` security header allows admins to permissively control the types of resources allowed to load for a page. +A lack of the HTTP response header for `X-Content-Security-Policy` can lead to sensitive user data being retrieved by an attacker and increases the attack surface for Cross-Site Scripting (XSS) and clickjacking attacks. There are multiple HTTP response headers used in communication between the server and client which can be implemented to improve security against well documented vulnerabilities. For example, the `X-Content-Security-Policy` security header allows admins to permissively control the types of resources allowed to load for a page. An advanced attacker can leverage a missing `X-Content-Security-Policy` header to launch XSS attacks and execute malicious code in a user’s browser. diff --git a/submissions/description/server_security_misconfiguration/lack_of_security_headers/x_frame_options/template.md b/submissions/description/server_security_misconfiguration/lack_of_security_headers/x_frame_options/template.md index 8fec6a62..ee36b3a7 100644 --- a/submissions/description/server_security_misconfiguration/lack_of_security_headers/x_frame_options/template.md +++ b/submissions/description/server_security_misconfiguration/lack_of_security_headers/x_frame_options/template.md 
@@ -4,11 +4,11 @@ A lack of the HTTP response header for `X-Frame-Options` can lead to sensitive user data being retrieved by an attacker. There are multiple HTTP response headers used in communication between the server and client which can be implemented to improve security against well documented vulnerabilities. For example, the `X-Frame-Options` security header is used to instruct a browser whether it should or should not render an `
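Review bot: in the content_security_policy/template.md hunk, the phrase "allows admins to permissively control the types of resources allowed to load for a page" survives unchanged in the `+` line and is misleading: a `Content-Security-Policy` header restricts which sources a page may load from, so "allows admins to restrict the sources from which resources may load for a page" states the control correctly. While touching the line, "well documented vulnerabilities" should be "well-documented vulnerabilities" (the same two wording points recur in the content_security_policy_report_only and x_content_security_policy templates in this patch).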
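Review bot: the lack_of_security_headers/template.md hunk changes "Machine-in-the-Middle (MitM)" to "Man-in-the-Middle (MitM)" in addition to the hyphen removal, which is not covered by the commit message "Removed hyphen from clickjacking"; either mention the terminology change in the message or split it into its own commit so the history explains it. The unchanged context line below it, "An advanced attacker can leverage a missing security headers to bypass security controls", has a number-agreement error ("a missing security header" or "missing security headers") that is worth fixing while this file is open.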
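Review bot: the x_content_security_policy/template.md hunk leaves the `+` line reading as a copy of the content_security_policy template with only the header name swapped, so the description does not explain how `X-Content-Security-Policy` differs from `Content-Security-Policy`; a short sentence stating the relationship between the two headers would make the template usable on its own, and the "permissively control" wording should be corrected here in the same way as in the CSP template.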