Matches: 909

An application uses a "blacklist" of prohibited values, but the blacklist is incomplete.

The software contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.

Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.

The software does not handle or incorrectly handles an exceptional condition.

The application attempts to return a memory resource to the system, but calls the wrong release function or calls the appropriate release function incorrectly.

The software attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

The software does not implement or incorrectly implements one or more security-relevant checks as specified by the design of a standardized algorithm, protocol, or technique.

Weaknesses in this category are related to improper handling of communication channels and access paths.

According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."

The software contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.



© SecPod Technologies