Cybertechnoelite

    Browser cache weakness Severity: Medium Vulnerability description Browsers can store information for purposes of caching and history. Caching is used to improve performance, so that previously displayed information doesn’t need to be downloaded again. History mechanisms are used for user convenience, so the user can see exactly what they saw at the time when the resource was retrieved. If sensitive information is displayed to the user (such as their address, credit card details, Social Security Number, or username), then this information could be stored for purposes of caching or history, and therefore retrievable through examining the browser’s cache or by simply pressing the browser’s Back button. Impact Browsers often store information in a client-side cache, which can leave behind sensitive information for other users to find and exploit, such as passwords or credit card numbers. The locations at most risk include public terminals, such as those in libraries and Inte

    Severity : Medium Vulnerability description Browsers will sometimes ask a user if they wish to remember the password that they just entered. The browser will then store the password, and automatically enter it whenever the same authentication form is visited. This is a convenience for the user. Having the browser store passwords is not only a convenience for end-users, but also for an attacker. If an attacker can gain access to the victim's browser (e.g. Through a Cross Site Scripting attack, or through a shared computer), then they can retrieve the stored passwords. It is observed that application allows the browse to store the password in plaintext. Impact If passwords are saved in plain text, the attacker to compromise the user accounts can use it. Attack simulation Password is shown in plain text in browser as save password popup. Recommendation Credentials should not store in plaintext in the browser. Affected URLs/parameters

  Credentials is not encrypted Severity: High Vulnerability description User credentials are transmitted over an unencrypted channel. This information should always be transferred via an encrypted channel (HTTPS) to avoid being intercepted by malicious users. Impact A third party may be able to read the user credentials by intercepting an unencrypted HTTP connection. Attack simulation Capture the traffic through proxy tool and observe there is id and passwords are in plain text or not. Recommendation Secure information like Username, password and credit related data should be encrypted. Affected URLs/Parameters

  Improper Error Handling Severity: Medium Vulnerability description Improper handling of errors can introduce a variety of security problems for a web site. The most common problem is when detailed internal error messages such as stack traces, database dumps, and error codes are displayed to the user (hacker). These messages reveal implementation details that should never be revealed. Such details can provide hackers important clues on potential flaws in the site and such messages are also disturbing to normal users. Impact Often this will either reveal sensitive information which may be used for a later attack or private information stored in the server. Attack simulation  If any website has generate error on page which disclose the sensitive information.  Recommendation Ensure that error messages only contain minimal details that are useful to the intended audience, and nobody else. The messages need to strike the balance between being too cryptic and not being cr

Severity: Medium Vulnerability description Properly controlling access to web content is crucial for running a secure web server. Directory traversal or Path Traversal is an HTTP attack which allows attackers to access restricted directories and execute commands outside of the web server’s root directory. Impact It may be possible to access arbitrary files and directories stored on file system including application source code or configuration and critical system files. Attack simulation      check website through the dir buster tool and owasp zap tool forced browsing attack. Recommendation Prefer working without user input when using file system calls Use indexes rather than actual portions of file names when templating or using language files (i.e. Value 5 from the user submission = Czechoslovakian, rather than expecting the user to return “Czechoslovakian”) Ensure the user cannot supply all parts of the path – surround it with your path code

Severity: Medium Vulnerability description Open ports allow attacker to get access of website through insecure ports. Impact Open ports can help in spreading malwares, exploiting vulnerabilities and unsafe configurations in services and applications running on open ports, causing downtime of line of business applications by running denial of service attacks on open ports belonging to less robust services. Attack simulation Scan the website through Nmap scanner for open ports.   Recommendation It is recommended to disable unnecessary ports. Affected urls/Parameters

Autocomplete enabled Severity: Medium Vulnerability Description Autocomplete when enabled provides ease of access to users and allows users not to type information repeatedly. However, when enabled for sensitive fields like usernames and passwords it leads to vulnerabilities like sensitive data exposure. Impact This ease of enabling auto-complete enabled allows an attacker to gather information related to the application and existing users and then leading to further attacks. Attack simulation  Observe by typing any text if any suggestion is come or not. check at text box autocomplete field is marked as off or not from the developer options. Recommendation It is recommended that set auto complete of for a sensitive information like user name and password etc. Affected URLs/parameters

Severity: Low Vulnerability disclosure Banner Grabbing is a technique used to gain information about a remote server. Additionally, this technique is use to get information about remote servers. Impact An attacker might use the disclosed information to harvest specific security vulnerabilities for the version identified. Attack simulation Install Wapp analyzer extensions in the google chrome and observe the details of website’s is disclosed.   Recommendation Website development relevant information should not disclose to users about language and its version used for the developing the website. Affected urls/Parameters

 Vulnerability description This HTTP header is typically used to control the MIME Type Sniffing function in web browsers. MIME Type Sniffing is a content evaluation function used by browsers when the content type is not specified. Basically, if the Content-Type header is blank or missing, the browser 'sniffs' the content and attempts to display the source in the most appropriate way. Impact If the Content-Type header is blank or missing, the browser 'sniffs' the content and attempts to display the source in the most appropriate way. Attack simulation Check response header information through owasp zap tool captured traffic. Recommendation Ensure each page is setting the specific and appropriate content-type value for the content being delivered. Affected urls/Parameters