#SecurityExplained S-89: CWE Top 25: CWE-522: Insufficiently Protected Credentials
The product transmits or stores authentication credentials, but does so in a way that lets unauthorized individuals intercept or retrieve them.
1/n
2/n
This flaw relates to an architectural security approach that has been misdesigned. Another form of credential attack uses flaws in how passwords are encoded, saved, and handled by a web application, network, or software system.
3/n
Risky development practices, such as storing passwords in insecure locations, storing credentials in plaintext, storing user passwords using poor or reproducible cryptographic techniques, or using hard-coded credentials, generate vulnerabilities....
4/n ...that can be exploited to recover clients' credentials which can then be used to attack applications and other apps the user logs into.
# Example
The code below reads a password from a properties file and connects to a database using that password.
Example Language: Java
5/n
This code will run, but anyone with access to config.properties will be able to read the password value. If a malicious employee has access to this data, they can use it to compromise the system.
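The same config.properties pattern, as an added example that is not the CWE entry's own Java code: a small properties loader that shows the weak read beside a hardened one which only accepts a reference to a secret held elsewhere, plus an audit that flags literal credentials in the file. The key names and the ${env:VAR} reference syntax are assumptions.

```python
# Added example (not the CWE entry's own Java code). The ${env:VAR} indirection
# and the key names are assumptions; the config text below is constructed.
import os
import re

CREDENTIAL_KEYS = re.compile(r"(password|passwd|secret|token|api[_.-]?key)$", re.I)
ENV_REF = re.compile(r"^\$\{env:([A-Z][A-Z0-9_]*)\}$")

def parse_properties(text):
    """Minimal Java .properties parser: '#'/'!' comments, key=value or key: value."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        m = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)", line)
        if m:
            props[m.group(1)] = m.group(2)
    return props

def audit_plaintext_credentials(props):
    """CWE-522 check: credential-looking keys whose value is a literal, not a reference."""
    return sorted(k for k, v in props.items()
                  if CREDENTIAL_KEYS.search(k) and not ENV_REF.match(v))

def weak_password(props):
    # Weak pattern from the thread: the password is read straight from the file,
    # so anyone who can read config.properties owns the database account.
    return props.get("db.password")

def protected_password(props, env=os.environ):
    # Hardened: the file holds only a reference; the secret itself comes from the
    # process environment (or a secret manager behind the same indirection).
    ref = props.get("db.password", "")
    m = ENV_REF.match(ref)
    if not m:
        raise ValueError("db.password must be a ${env:VAR} reference, not a literal")
    value = env.get(m.group(1))
    if not value:
        raise LookupError(f"secret {m.group(1)} is not set")
    return value

# Constructed sample inputs, not taken from any real deployment.
WEAK_CONFIG = "# db settings\ndb.url=jdbc:postgresql://db.example/app\ndb.user=app\ndb.password=hunter2\n"
SAFE_CONFIG = "db.url=jdbc:postgresql://db.example/app\ndb.user=app\ndb.password=${env:DB_PASSWORD}\n"

if __name__ == "__main__":
    print(audit_plaintext_credentials(parse_properties(WEAK_CONFIG)))  # ['db.password']
    print(protected_password(parse_properties(SAFE_CONFIG), {"DB_PASSWORD": "from-vault"}))
```

The audit function can run in CI over every properties file so a plaintext credential is caught before it reaches a server that a malicious employee can read.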
6/n
# Potential Impact:
An attacker could access user accounts and sensitive data stored within them.
# Mitigation:
To secure the credentials, use an appropriate security mechanism.
7/n Create a firm password policy in your organization, such as prohibiting passwords found in recent data breaches or well-known weak passwords, and encouraging long, randomly generated passwords used together with password managers, to improve security.
n/n
• To protect the credentials, make proper use of cryptography.
• To secure credentials, follow industry best practices (e.g. LDAP, Keystore, etc.)
#SecurityExplained S-88: CWE Top 25: CWE-732: Incorrect Permission Assignment for Critical Resource
The product defines permissions for a security-critical resource so that unwanted actors can read or modify it.
1/n
2/n When a resource's permissions are set to allow access to a broader range of actors than is required, sensitive information may be exposed, or undesired parties may modify the resource.
3/n
This is very risky when the resource is tied to program configuration, execution, or sensitive user data.
#SecurityExplained S-87: CWE Top 25: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
The product makes sensitive information available to someone who isn't explicitly permitted to access it.
1/n
2/n
CWE-200 arises when confidential information (e.g., application system and network information, or user-supplied data such as names and email addresses) is made available to individuals who are not authorized to see it.
3/n
This flaw could be the outcome of various issues involving the disclosure of sensitive information.
When the following conditions exist, the information is considered sensitive:
2/n Applications that perform NoSQL operations based on tainted data can be exploited similarly to regular SQL injection bugs. Depending on the code, the same risks exist as with SQL injections: The attacker aims to access sensitive information or compromise data integrity.
3/n Attacks may involve the injection of query operators, JavaScript code, or string operations. This problem can be mitigated by using an Object Document Mapper (ODM) library or by validating user-supplied data based on its size or allowed characters.
2/n Deserialization based on data supplied by the user could result in two types of attacks:
Remote code execution attacks, where the structure of the serialized data is changed to modify the behavior of the object being unserialized.
3/n Parameter tampering attacks, where data is modified to escalate privileges or to change, for example, the quantity or price of products.
The best way to protect against deserialization attacks is probably to challenge the use of the deserialization mechanism in the application.