Tag: access-control

Improper privilege management

Privilege escalation happens when a malicious user gains elevated access to resources that should be unavailable to them.

Unauthenticated LDAP requests

Unauthenticated LDAP requests can allow untrusted access to LDAP servers.

Loose file permissions

Weak file permissions can lead to privilege escalation.

Improper authentication

Your code doesn't sufficiently authenticate identities provided by its users.

Improper certificate validation

Failing to validate a security certificate can lead to host impersonation and sensitive data leaks.

AWS credentials logged

Logging unencrypted AWS credentials can expose them to an attacker.

Unauthenticated Amazon SNS unsubscribe requests might succeed

Failing to set the AuthenticateOnUnsubscribe flag to True when confirming an SNS subscription can lead to unauthenticated cancellations.

Clear text credentials

Credentials that are stored in clear text can be intercepted by a malicious actor.