All posts by rocco

CWE-315 – Cleartext Storage of Sensitive Information in a Cookie

Description

The application stores sensitive information in cleartext in a cookie.

Attackers can use widely-available tools to view the cookie and read the sensitive information. Even if the information is encoded in a way that is not human-readable, certain techniques could determine which encoding is being used, then decode the information.
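The following is an added example, not code from the original post. It shows the weakness and its fix side by side: the first function takes a constructed Set-Cookie header in which the credentials are merely base64-encoded and recovers them, which is all an attacker has to do; the second half issues an opaque session identifier instead and keeps the sensitive data server-side. The `SESSIONS` dictionary, the `auth`/`sid` cookie names and the sample credentials are assumptions made for this example.

```python
import base64
import secrets
from http.cookies import SimpleCookie
from typing import Dict, Optional

# Constructed sample: a Set-Cookie header as a vulnerable application might
# emit it. The value looks opaque but is only base64 over "user:password".
VULNERABLE_SET_COOKIE = "auth=YWxpY2U6aHVudGVyMg==; Path=/"


def decode_obscured_cookie(header: str) -> Dict[str, str]:
    """Attacker's view: parse the cookie and undo the encoding.

    base64 is an encoding, not encryption. Anyone who can read the cookie
    (browser dev tools, a proxy, a copied cookie jar) recovers the secret.
    """
    jar = SimpleCookie()
    jar.load(header)
    raw = jar["auth"].value
    # The shape (base64 alphabet plus '=' padding) gives the encoding away;
    # validate=True rejects anything that is not well-formed base64.
    decoded = base64.b64decode(raw, validate=True).decode("utf-8")
    user, _, password = decoded.partition(":")
    return {"user": user, "password": password}


# Hardened design: the cookie carries only a random, opaque session id and the
# sensitive data stays server-side, keyed by that id. SESSIONS is an in-memory
# stand-in for a real session store (an assumption of this example).
SESSIONS: Dict[str, Dict[str, str]] = {}


def issue_session_cookie(user: str) -> str:
    """Create a server-side session and return the Set-Cookie header value."""
    sid = secrets.token_urlsafe(32)        # 256 bits from the OS CSPRNG
    SESSIONS[sid] = {"user": user}         # credentials never leave the server
    jar = SimpleCookie()
    jar["sid"] = sid
    jar["sid"]["path"] = "/"
    jar["sid"]["secure"] = True            # only sent over TLS
    jar["sid"]["httponly"] = True          # not readable from page scripts
    jar["sid"]["samesite"] = "Strict"      # not sent on cross-site requests
    return jar["sid"].OutputString()


def resolve_session(header: str) -> Optional[Dict[str, str]]:
    """Look the opaque id up; an unknown or tampered id resolves to nothing."""
    jar = SimpleCookie()
    jar.load(header)
    if "sid" not in jar:
        return None
    return SESSIONS.get(jar["sid"].value)


if __name__ == "__main__":
    print("leaked from cookie:", decode_obscured_cookie(VULNERABLE_SET_COOKIE))
    hdr = issue_session_cookie("alice")
    print("Set-Cookie:", hdr)
    print("resolved server-side:", resolve_session(hdr))
```

Reading the weak cookie needs no tooling beyond the browser's cookie viewer; the hardened cookie reveals nothing even if it is captured, and the session can be revoked server-side by deleting the entry.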

Modes of Introduction:

– Architecture and Design

Related Weaknesses

CWE-312

Consequences

Confidentiality: Read Application Data

Potential Mitigations

CVE References

  • CVE-2001-1537
    • Default configuration has cleartext usernames/passwords in cookie.
  • CVE-2005-2160
    • Authentication information stored in cleartext in a cookie.

CWE-316 – Cleartext Storage of Sensitive Information in Memory

Description

The application stores sensitive information in cleartext in memory.
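An added example (not from the original post) of the mitigation behind the CVEs listed below: keep a secret in a buffer that can be overwritten, wipe it as soon as it is no longer needed, and do so even on the error path. In Python only a mutable `bytearray` can be zeroed in place; an immutable `str` or `bytes` lingers until the allocator reuses it, and `del` only drops a reference. The `authenticate` stand-in and the sample secret are assumptions of this example.

```python
import hashlib
from contextlib import contextmanager
from typing import Iterator


def wipe(buf: bytearray) -> None:
    """Overwrite a secret in place.

    bytearray owns one mutable allocation, so same-length slice assignment
    zeroes that allocation instead of creating a new object. This is the
    property an immutable str or bytes lacks: those cannot be cleared at all.
    """
    buf[:] = bytes(len(buf))


@contextmanager
def secret_buffer(source: bytes) -> Iterator[bytearray]:
    """Hold a secret in a wipeable buffer for the duration of the block only.

    The wipe runs in `finally`, so an exception raised while the secret is in
    use does not leave the plaintext behind in memory.
    """
    buf = bytearray(source)
    try:
        yield buf
    finally:
        wipe(buf)


def is_wiped(buf: bytearray) -> bool:
    return len(buf) > 0 and all(b == 0 for b in buf)


def authenticate(buf: bytearray) -> str:
    """Stand-in for using the secret (assumed for this example). hashlib reads
    the buffer directly, so no additional immutable copy of the plaintext is
    created on the way."""
    return hashlib.sha256(buf).hexdigest()


def self_check() -> dict:
    """Run the pattern once and report what is left in memory afterwards."""
    with secret_buffer(b"hunter2") as buf:      # constructed sample secret
        digest = authenticate(buf)
        wiped_during_use = is_wiped(buf)
    return {
        "digest_len": len(digest),
        "wiped_during_use": wiped_during_use,   # False: secret present while needed
        "wiped_after_use": is_wiped(buf),       # True: gone as soon as the block exits
        "buffer_len": len(buf),                 # same allocation, only contents changed
    }


if __name__ == "__main__":
    print(self_check())
```

In real code the secret should be read straight into the `bytearray` (for example with `readinto`) rather than through an intermediate `bytes` object, since that object would remain a cleartext copy the wipe cannot reach.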

Modes of Introduction:

– Architecture and Design

Related Weaknesses

CWE-312

Consequences

Confidentiality: Read Memory

Potential Mitigations

CVE References

  • CVE-2001-1517
    • Sensitive authentication information in cleartext in memory.
  • BID:10155
    • Sensitive authentication information in cleartext in memory.
  • CVE-2001-0984
    • Password protector leaves passwords in memory when window is minimized, even when “clear password when minimized” is set.
  • CVE-2003-0291
    • SSH client does not clear credentials from memory.

CWE-317 – Cleartext Storage of Sensitive Information in GUI

Description

The application stores sensitive information in cleartext within the GUI.

An attacker can often obtain data from a GUI, even if hidden, by using an API to directly access GUI objects such as windows and menus. Even if the information is encoded in a way that is not human-readable, certain techniques could determine which encoding is being used, then decode the information.

Modes of Introduction:

– Architecture and Design

Related Weaknesses

CWE-312

Consequences

Confidentiality: Read Memory, Read Application Data

Potential Mitigations

CVE References

  • CVE-2002-1848
    • Unencrypted passwords stored in GUI dialog may allow local users to access the passwords.

CWE-280 – Improper Handling of Insufficient Permissions or Privileges

Description

The application does not handle, or incorrectly handles, the case where it has insufficient privileges to access resources or functionality as specified by their permissions. This may cause it to follow unexpected code paths that leave the application in an invalid state.

Modes of Introduction:

– Architecture and Design

Related Weaknesses

CWE-755

Consequences

Other: Other, Alter Execution Logic

Potential Mitigations

Phase: Architecture and Design

Description: 

Phase: Implementation

Description: 

Always check to see if you have successfully accessed a resource or system functionality, and use proper error handling if it is unsuccessful. Do this even when you are operating in a highly privileged mode, because errors or environmental conditions might still cause a failure. For example, environments with highly granular permissions/privilege models, such as Windows or Linux capabilities, can cause unexpected failures.
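An added example (not from the original post) of the two halves of this mitigation. The first pair of functions reproduces the failure mode of the FTP-server CVE listed below, where an inaccessible home directory silently turns into the filesystem root, and the fail-closed alternative. The third function shows checking the result of a privileged operation by re-reading the state it was supposed to change, rather than trusting that it succeeded. The `can_enter` predicate and the temporary file in `self_check` are assumptions made for this example.

```python
import os
import stat
import tempfile
from typing import Callable


class AccessDenied(Exception):
    """Raised when the process lacks a privilege it needs. Callers must not
    continue on some other path as if access had been granted."""


def default_can_enter(path: str) -> bool:
    """Can this process chdir into and read the directory?"""
    return os.access(path, os.R_OK | os.X_OK)


def pick_working_dir_vulnerable(home: str, can_enter: Callable[[str], bool] = default_can_enter) -> str:
    """Mirrors the FTP-server failure mode: if the user's home directory is not
    enterable, fall back to the filesystem root. The permission failure is
    swallowed and the user ends up with a wider view than intended."""
    return home if can_enter(home) else "/"


def pick_working_dir_hardened(home: str, can_enter: Callable[[str], bool] = default_can_enter) -> str:
    """Fail closed: insufficient privilege is an error to report, never a
    reason to choose a different (and less restricted) resource."""
    if not can_enter(home):
        raise AccessDenied(f"cannot enter home directory {home!r}")
    return home


def chmod_and_verify(path: str, mode: int) -> bool:
    """Check the outcome of a privileged operation instead of assuming it.

    Even as root, chmod can fail or be silently ineffective (read-only mount,
    immutable attribute, missing capability), so re-read the mode afterwards
    and report success only if the file really has the requested mode.
    """
    try:
        os.chmod(path, mode)
    except PermissionError:
        return False
    return stat.S_IMODE(os.stat(path).st_mode) == mode


def self_check() -> dict:
    """Exercise both paths with a constructed access predicate and a temp file."""
    def no_access(_path: str) -> bool:   # simulates EACCES on the home directory
        return False

    results = {"vulnerable": pick_working_dir_vulnerable("/home/alice", no_access)}
    try:
        pick_working_dir_hardened("/home/alice", no_access)
        results["hardened"] = "continued"
    except AccessDenied:
        results["hardened"] = "denied"
    with tempfile.TemporaryDirectory() as d:
        p = os.path.join(d, "f")
        open(p, "w").close()
        results["chmod_verified"] = chmod_and_verify(p, 0o600)
    return results


if __name__ == "__main__":
    print(self_check())
```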

CVE References

  • CVE-2003-0501
    • Special file system allows attackers to prevent ownership/permission change of certain entries by opening the entries before calling a setuid program.
  • CVE-2004-0148
    • FTP server places a user in the root directory when the user’s permissions prevent access to their own home directory.

CWE-281 – Improper Preservation of Permissions

Description

The software does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.
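An added example (not from the original post) of the backup case described in the CVEs below: a byte-only copy is created with the process umask, so a 0600 private key comes back as a 0644 backup, while the hardened copy refuses symlinks, creates the destination owner-only and then applies the source's exact mode. The file names, content and umask in `self_check` are constructed for this example; it assumes a POSIX system.

```python
import os
import shutil
import stat
import tempfile


def mode_of(path: str) -> int:
    return stat.S_IMODE(os.stat(path).st_mode)


def backup_vulnerable(src: str, dst: str) -> None:
    """shutil.copyfile copies bytes only. The backup is created with the
    process umask (typically 0644), whatever the original's mode was."""
    shutil.copyfile(src, dst)


def backup_hardened(src: str, dst: str) -> None:
    """Preserve the original's permissions and never expose the copy on the way.

    1. O_NOFOLLOW: a symlink at `src` fails to open instead of redirecting the
       copy (and the mode check) to a target an attacker chose.
    2. fstat the descriptor actually opened, so the mode we replicate belongs
       to the file we are reading.
    3. Create `dst` owner-only with O_EXCL, so no pre-existing or planted file
       is reused and there is no window in which the copy is world-readable.
    4. Apply the source's exact mode bits once the content is written.
    """
    in_fd = os.open(src, os.O_RDONLY | os.O_NOFOLLOW)
    with os.fdopen(in_fd, "rb") as inp:
        st = os.fstat(in_fd)
        out_fd = os.open(dst, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        with os.fdopen(out_fd, "wb") as out:
            shutil.copyfileobj(inp, out)
            os.fchmod(out_fd, stat.S_IMODE(st.st_mode))


def self_check() -> dict:
    """Constructed scenario: a 0600 key file backed up both ways under umask 022."""
    with tempfile.TemporaryDirectory() as d:
        src = os.path.join(d, "server.key")
        with open(src, "w") as f:
            f.write("constructed placeholder for a private key\n")
        os.chmod(src, 0o600)
        old_umask = os.umask(0o022)
        try:
            backup_vulnerable(src, src + ".bak1")
            backup_hardened(src, src + ".bak2")
        finally:
            os.umask(old_umask)
        return {
            "original": mode_of(src),
            "vulnerable_backup": mode_of(src + ".bak1"),
            "hardened_backup": mode_of(src + ".bak2"),
        }


if __name__ == "__main__":
    for name, mode in self_check().items():
        print(f"{name}: {mode:04o}")
```

`shutil.copy2` (or `copymode`) also carries the mode over, but it does so after the file has been written with the umask mode, which leaves a short window in which the backup is readable by others; creating the destination at 0600 first closes that window.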

Modes of Introduction:

– Architecture and Design

Related Weaknesses

CWE-732

Consequences

Confidentiality, Integrity: Read Application Data, Modify Application Data

Potential Mitigations

CVE References

  • CVE-2002-2323
    • Incorrect ACLs used when restoring backups from directories that use symbolic links.
  • CVE-2001-1515
    • Automatic modification of permissions inherited from another file system.
  • CVE-2005-1920
    • Permissions on backup file are created with defaults, possibly less secure than original file.

CWE-282 – Improper Ownership Management

Description

The software assigns the wrong ownership, or does not properly verify the ownership, of an object or resource.

Modes of Introduction:

– Architecture and Design

Related Weaknesses

CWE-284

Consequences

Access Control: Gain Privileges or Assume Identity

Potential Mitigations

Phase: Architecture and Design, Operation

Description: 

Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.

CVE References

  • CVE-1999-1125
    • Program runs setuid root but relies on a configuration file owned by a non-root user.

CWE-283 – Unverified Ownership

Description

The software does not properly verify that a critical resource is owned by the proper entity.

Modes of Introduction:

– Architecture and Design

Related Weaknesses

CWE-282

Consequences

Access Control: Gain Privileges or Assume Identity

An attacker could gain unauthorized access to system resources.

Potential Mitigations

Phase: Architecture and Design, Operation

Description: 

Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.

Phase: Architecture and Design

Description: 

Consider following the principle of separation of privilege. Require multiple conditions to be met before permitting access to a system resource.
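An added example (not from the original post) serving both CWE-282 and CWE-283 above: a privileged program that reads a configuration file, the case of the CVE-1999-1125 entry under CWE-282, must verify who owns the file and who can write it before trusting its contents. The checks run on the already-open descriptor so the file that is checked is the file that is used, and `O_NOFOLLOW` rejects a planted symlink. `open_trusted_file`, the temporary configuration file and the "wrong owner" uid in `self_check` are assumptions of this example; it assumes a POSIX system.

```python
import os
import stat
import tempfile
from typing import IO, Optional


class UntrustedFile(Exception):
    """The resource is not owned or protected the way a trusted input must be."""


def open_trusted_file(path: str, expected_uid: Optional[int] = None) -> IO[str]:
    """Open `path` for reading only after verifying ownership and write access.

    The checks use fstat on the open descriptor, not stat on the path, so an
    attacker cannot swap the file between the check and the use.
    """
    if expected_uid is None:
        expected_uid = os.geteuid()
    # O_NOFOLLOW: a symlink planted at `path` fails here (ELOOP) instead of
    # redirecting us to a file the attacker controls.
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW | os.O_CLOEXEC)
    try:
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode):
            raise UntrustedFile(f"{path!r}: not a regular file")
        if st.st_uid != expected_uid:
            raise UntrustedFile(f"{path!r}: owned by uid {st.st_uid}, expected {expected_uid}")
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            raise UntrustedFile(f"{path!r}: writable by group or others "
                                f"(mode {stat.S_IMODE(st.st_mode):04o})")
    except BaseException:
        os.close(fd)
        raise
    return os.fdopen(fd, "r")


def self_check() -> dict:
    """Constructed scenario: a config file owned by this process and locked to
    0600, then judged as if another uid were required, then made world-writable,
    then reached through a symlink."""
    me = os.geteuid()
    with tempfile.TemporaryDirectory() as d:
        cfg = os.path.join(d, "app.conf")
        with open(cfg, "w") as f:
            f.write("listen = 127.0.0.1\n")      # constructed content
        os.chmod(cfg, 0o600)
        with open_trusted_file(cfg) as f:
            owned_ok = f.read().startswith("listen")

        def verdict(path: str, uid: Optional[int] = None) -> str:
            try:
                open_trusted_file(path, uid).close()
                return "accepted"
            except (OSError, UntrustedFile):
                return "rejected"

        wrong_owner = verdict(cfg, me + 1)
        os.chmod(cfg, 0o666)
        writable = verdict(cfg)
        os.symlink(cfg, cfg + ".lnk")
        symlink = verdict(cfg + ".lnk")
    return {"owned_ok": owned_ok, "wrong_owner": wrong_owner,
            "writable": writable, "symlink": symlink}


if __name__ == "__main__":
    print(self_check())
```

The same principle applies to the UNIX-socket case in CVE-2001-0178 below: on Linux the peer's credentials can be read from the connected socket with `SO_PEERCRED` and checked before a password is sent or accepted over it.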

CVE References

  • CVE-2001-0178
    • Program does not verify the owner of a UNIX socket that is used for sending a password.
  • CVE-2004-2012
    • Owner of special device not checked, allowing root.

CWE-284 – Improper Access Control

Description

The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

Modes of Introduction:

– Architecture and Design

Related Weaknesses

Consequences

Other: Varies by Context

Potential Mitigations

Phase: Architecture and Design, Operation

Description: 

Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.

Phase: Architecture and Design

Description: 

CVE References

  • CVE-2010-4624
    • Bulletin board applies restrictions on number of images during post creation, but does not enforce this on editing.

CWE-285 – Improper Authorization

Description

The software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

An access control list (ACL) represents who/what has permissions to a given object. Different operating systems implement ACLs in different ways. In UNIX, there are three types of permissions: read, write, and execute. Users are divided into three classes for file access: owner, group owner, and all other users, where each class has a separate set of rights. In Windows NT, there are four basic types of permissions for files: “No access”, “Read access”, “Change access”, and “Full control”. Windows NT extends the three UNIX user classes to a list of users and groups, each with its own associated permissions. A user can create an object (file) and assign specified permissions to that object.

Modes of Introduction:

– Implementation

Likelihood of Exploit: High

Related Weaknesses

CWE-284

Consequences

Confidentiality: Read Application Data, Read Files or Directories

An attacker could read sensitive data, either by reading the data directly from a data store that is not properly restricted, or by accessing insufficiently-protected, privileged functionality to read the data.

Integrity: Modify Application Data, Modify Files or Directories

An attacker could modify sensitive data, either by writing the data directly to a data store that is not properly restricted, or by accessing insufficiently-protected, privileged functionality to write the data.

Access Control: Gain Privileges or Assume Identity

An attacker could gain privileges by modifying or reading critical data directly, or by accessing insufficiently-protected, privileged functionality.

Potential Mitigations

Phase: Architecture and Design

Description: 

Phase: Architecture and Design

Description: 

Ensure that you perform access control checks related to your business logic. These checks may be different than the access control checks that you apply to more generic resources such as files, connections, processes, memory, and database records. For example, a database may restrict access for medical records to a specific database user, but each record might only be intended to be accessible to the patient and the patient’s doctor.

Phase: Architecture and Design

Description: 

Phase: Architecture and Design

Description: 

Phase: System Configuration, Installation

Description: 

Use the access control capabilities of your operating system and server environment and define your access control lists accordingly. Use a “default deny” policy when defining these ACLs.
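An added example (not from the original post) of the two mitigations above, using the medical-records scenario the text itself describes: a "default deny" policy where only explicitly listed role/action pairs are considered at all, followed by the business-logic check that scopes each grant to the individual record (the patient and that patient's doctor). Every handler, whether it creates, views or edits, goes through the same `require` call, so a restriction cannot be bypassed by reaching the action on a different code path, the failure of the CVE-2010-4624 entry under CWE-284. The actor's identity is assumed to come from an authenticated session, never from a client-supplied header such as X-Forwarded-For (CVE-2006-6679 below). The data classes, role names and `ROLE_GRANTS` table are assumptions of this example.

```python
from dataclasses import dataclass
from typing import Callable, FrozenSet


@dataclass(frozen=True)
class Actor:
    id: str                 # identity established by the authenticated session
    roles: FrozenSet[str]


@dataclass(frozen=True)
class MedicalRecord:
    id: str
    patient_id: str
    doctor_id: str


class Forbidden(Exception):
    pass


# Coarse, role-level grants: which roles may attempt which actions at all.
# Anything absent from this set is denied. There is deliberately no
# "admin bypasses everything" row; privileged operations get their own entries.
ROLE_GRANTS = {
    ("patient", "read"), ("patient", "update"),
    ("doctor", "read"), ("doctor", "update"),
    ("auditor", "read"),
}


def is_authorized(actor: Actor, action: str, record: MedicalRecord) -> bool:
    """Default deny, then a second, record-level check.

    Passing the role check is necessary but not sufficient: a doctor may
    update records, but only those of their own patients; a patient only
    their own record. Auditors may read anything but never write.
    """
    if not any((role, action) in ROLE_GRANTS for role in actor.roles):
        return False
    if "auditor" in actor.roles and action == "read":
        return True
    if actor.id == record.patient_id:
        return True
    if "doctor" in actor.roles and actor.id == record.doctor_id:
        return True
    return False


def require(actor: Actor, action: str, record: MedicalRecord) -> None:
    if not is_authorized(actor, action, record):
        raise Forbidden(f"{actor.id} may not {action} record {record.id}")


# Every handler funnels through require(); the edit path is not exempt.
def view_record(actor: Actor, record: MedicalRecord) -> MedicalRecord:
    require(actor, "read", record)
    return record


def update_record(actor: Actor, record: MedicalRecord, new_doctor_id: str) -> MedicalRecord:
    require(actor, "update", record)
    return MedicalRecord(record.id, record.patient_id, new_doctor_id)


def is_denied(fn: Callable, *args) -> bool:
    """True if the handler refused the call with Forbidden."""
    try:
        fn(*args)
    except Forbidden:
        return True
    return False


if __name__ == "__main__":
    rec = MedicalRecord("r1", patient_id="alice", doctor_id="dr_x")
    alice = Actor("alice", frozenset({"patient"}))
    bob = Actor("bob", frozenset({"patient"}))
    print("alice reads own record:", is_authorized(alice, "read", rec))
    print("bob reads alice's record:", is_authorized(bob, "read", rec))
```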

CVE References

  • CVE-2009-3168
    • Web application does not restrict access to admin scripts, allowing authenticated users to reset administrative passwords.
  • CVE-2009-2960
    • Web application does not restrict access to admin scripts, allowing authenticated users to modify passwords of other users.
  • CVE-2009-3597
    • Web application stores database file under the web root with insufficient access control (CWE-219), allowing direct request.
  • CVE-2009-2282
    • Terminal server does not check authorization for guest access.
  • CVE-2009-3230
    • Database server does not use appropriate privileges for certain sensitive operations.
  • CVE-2009-2213
    • Gateway uses default “Allow” configuration for its authorization settings.
  • CVE-2009-0034
    • Chain: product does not properly interpret a configuration option for a system group, allowing users to gain privileges.
  • CVE-2008-6123
    • Chain: SNMP product does not properly parse a configuration option for which hosts are allowed to connect, allowing unauthorized IP addresses to connect.
  • CVE-2008-5027
    • System monitoring software allows users to bypass authorization by creating custom forms.
  • CVE-2008-7109
    • Chain: reliance on client-side security (CWE-602) allows attackers to bypass authorization using a custom client.
  • CVE-2008-3424
    • Chain: product does not properly handle wildcards in an authorization policy list, allowing unintended access.
  • CVE-2009-3781
    • Content management system does not check access permissions for private files, allowing others to view those files.
  • CVE-2008-4577
    • ACL-based protection mechanism treats negative access rights as if they are positive, allowing bypass of intended restrictions.
  • CVE-2008-6548
    • Product does not check the ACL of a page accessed using an “include” directive, allowing attackers to read unauthorized files.
  • CVE-2007-2925
    • Default ACL list for a DNS server does not set certain ACLs, allowing unauthorized DNS queries.
  • CVE-2006-6679
    • Product relies on the X-Forwarded-For HTTP header for authorization, allowing unintended access by spoofing the header.
  • CVE-2005-3623
    • OS kernel does not check for a certain privilege before setting ACLs for files.
  • CVE-2005-2801
    • Chain: file-system code performs an incorrect comparison (CWE-697), preventing default ACLs from being properly applied.
  • CVE-2001-1155
    • Chain: product does not properly check the result of a reverse DNS lookup because of operator precedence (CWE-783), allowing bypass of DNS-based access restrictions.

CWE-286 – Incorrect User Management

Description

The software does not properly manage a user within its environment.

Users can be assigned to the wrong group (class) of permissions resulting in unintended access rights to sensitive objects.

Modes of Introduction:

– Architecture and Design

Related Weaknesses

CWE-284

Consequences

Other: Varies by Context

Potential Mitigations

CVE References