
According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."

The software specifies a regular expression in a way that causes data to be improperly matched or compared.

The software does not sufficiently delimit the arguments being passed to a component in another control sphere, allowing alternate arguments to be provided, leading to potentially security-relevant changes.

Weaknesses in this category are typically introduced during the configuration of the software.

A product can be used as an intermediary or proxy between an attacker and the ultimate target, so that the attacker can either bypass access controls or hide activities.

When malformed or abnormal HTTP requests are interpreted by one or more entities in the data flow between the user and the web server, such as a proxy or firewall, they can be interpreted inconsistently, allowing the attacker to "smuggle" a request to one device without the other device being aware of it.

The software does not properly encode or decode the data, resulting in unexpected values.

The software uses an algorithm or scheme that produces insufficient entropy, leaving patterns or clusters of values that are more likely to occur than others.

The software performs a calculation that generates incorrect or unintended results that are later used in security-critical decisions or resource management.

The use of a broken or risky cryptographic algorithm is an unnecessary risk that may result in the exposure of sensitive information.



© SecPod Technologies