Posts

Browser cache weakness

Severity: Medium
Vulnerability description: Browsers can store information for purposes of caching and history. Caching is used to improve performance, so that previously displayed information doesn't need to be downloaded again. History mechanisms are used for user convenience, so the user can see exactly what they saw at the time the resource was retrieved. If sensitive information is displayed to the user (such as their address, credit card details, Social Security Number, or username), then this information could be stored for purposes of caching or history, and therefore retrievable by examining the browser's cache or by simply pressing the browser's Back button.
Impact: Browsers often store information in a client-side cache, which can leave behind sensitive information for other users to find and exploit, such as passwords or credit card numbers. The locations at most risk include public terminals, such as those in libraries...

Password in plaintext in browser

Severity: Medium
Vulnerability description: Browsers will sometimes ask a user if they wish to remember the password they just entered. The browser will then store the password and automatically enter it whenever the same authentication form is visited. This is a convenience for the user. Having the browser store passwords is a convenience not only for end users but also for an attacker. If an attacker can gain access to the victim's browser (e.g. through a cross-site scripting attack, or through a shared computer), then they can retrieve the stored passwords. It was observed that the application allows the browser to store the password in plaintext.
Impact: If passwords are saved in plaintext, an attacker can use them to compromise user accounts.
Attack simulation: The password is shown in plaintext in the browser's save-password popup.
Recommendation: Credentials should not be stored in plaintext in the browser.
Affected URLs/parameters

Credentials are not encrypted

Severity: High
Vulnerability description: User credentials are transmitted over an unencrypted channel. This information should always be transferred over an encrypted channel (HTTPS) to avoid being intercepted by malicious users.
Impact: A third party may be able to read the user credentials by intercepting an unencrypted HTTP connection.
Attack simulation: Capture the traffic through a proxy tool and observe whether the user ID and password are transmitted in plaintext.
Recommendation: Sensitive information such as usernames, passwords and credit-related data should be encrypted in transit.
Affected URLs/Parameters

Improper Error Handling vulnerability disclosure

Severity: Medium
Vulnerability description: Improper handling of errors can introduce a variety of security problems for a web site. The most common problem is when detailed internal error messages such as stack traces, database dumps, and error codes are displayed to the user, who may be an attacker. These messages reveal implementation details that should never be disclosed. Such details can give attackers important clues about potential flaws in the site, and such messages are also disturbing to normal users.
Impact: Often this will reveal either sensitive information that may be used in a later attack or private information stored on the server.
Attack simulation: Check whether the website generates error pages that disclose sensitive information.
Recommendation: Ensure that error messages contain only the minimal details that are useful to the intended audience, and nobody else. The messages need to strike the balance between being too cryptic an...

Directory/path traversal attack is possible

Severity: Medium
Vulnerability description: Properly controlling access to web content is crucial for running a secure web server. Directory traversal, or path traversal, is an HTTP attack that allows attackers to access restricted directories and execute commands outside of the web server's root directory.
Impact: It may be possible to access arbitrary files and directories stored on the file system, including application source code, configuration files and critical system files.
Attack simulation: Check the website with the DirBuster tool and the OWASP ZAP forced browsing attack.
Recommendation:
Prefer working without user input when using file system calls.
Use indexes rather than actual portions of file names when templating or using language files (i.e. value 5 from the user submission = Czechoslovakian, rather than expecting the user to return "Czechoslovakian").
Ensure the user cannot supply all parts of the path – surround it wi...

Too many unnecessary ports open

Severity: Medium
Vulnerability description: Open ports allow an attacker to gain access to the website through insecure services listening on those ports.
Impact: Open ports can help in spreading malware, exploiting vulnerabilities and unsafe configurations in services and applications running on open ports, and causing downtime of line-of-business applications through denial-of-service attacks on open ports belonging to less robust services.
Attack simulation: Scan the website with the Nmap scanner for open ports.
Recommendation: It is recommended to disable unnecessary ports.
Affected URLs/Parameters

Auto complete enabled vulnerability

Severity: Medium
Vulnerability description: Autocomplete, when enabled, provides ease of access to users and allows them to avoid typing information repeatedly. However, when enabled for sensitive fields like usernames and passwords, it leads to vulnerabilities such as sensitive data exposure.
Impact: Having autocomplete enabled allows an attacker to gather information related to the application and its existing users, leading to further attacks.
Attack simulation: Type text into the field and observe whether any suggestions appear; check in the browser's developer tools whether the text box's autocomplete attribute is set to off.
Recommendation: It is recommended to set autocomplete to off for sensitive fields such as username and password.
Affected URLs/parameters