Security Misconfiguration

Security misconfiguration stems from configuration decisions made in the application itself and in how it is deployed. Examples include the use of default accounts or credentials in administrative tools and keeping unnecessary features in place. Common scenarios where this vulnerability appears:

  • HTTP Parameter Pollution (HPP): Exploits improper handling of multiple identical HTTP parameters to bypass security controls or alter application behavior

  • Default Credentials: Leverages unchanged factory-set usernames and passwords to gain unauthorized access to systems or applications

  • Directory Listing Exposure: Exploits servers configured to list directory contents, exposing sensitive files to unauthorized access

  • Verbose Error Messages: Takes advantage of overly detailed error messages that reveal stack traces, database schemas, or sensitive configuration data
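
For the HTTP Parameter Pollution item above, here is an added example (not part of the original page) showing why repeated parameters are a risk: two components can read the same query string differently, and a strict parser closes that gap by rejecting repeats. The function names and the sample query string are constructed for illustration.

```python
from urllib.parse import parse_qsl


class DuplicateParameterError(ValueError):
    """Raised when a single-valued parameter appears more than once."""


def interpretations(query: str) -> dict:
    """Show how first-wins and last-wins parsers read the same query string."""
    first, last = {}, {}
    for name, value in parse_qsl(query, keep_blank_values=True):
        first.setdefault(name, value)  # component that keeps the first occurrence
        last[name] = value             # component that keeps the last occurrence
    return {"first_wins": first, "last_wins": last}


def ambiguous_parameters(query: str) -> list:
    """Names whose value depends on which occurrence a parser picks."""
    views = interpretations(query)
    return sorted(name for name, value in views["first_wins"].items()
                  if views["last_wins"][name] != value)


def parse_strict(query: str, multi_valued=frozenset()) -> dict:
    """Parse a query string, rejecting repeats of single-valued parameters."""
    result = {}
    for name, value in parse_qsl(query, keep_blank_values=True):
        if name in multi_valued:
            # Explicitly allow-listed parameters are collected into a list.
            result.setdefault(name, []).append(value)
        elif name in result:
            raise DuplicateParameterError(f"parameter {name!r} supplied more than once")
        else:
            result[name] = value
    return result


# Constructed sample input: "role" is repeated, "tag" is legitimately multi-valued.
SAMPLE = "user=alice&role=viewer&role=admin&tag=a&tag=b"

if __name__ == "__main__":
    print(interpretations(SAMPLE))
    print("ambiguous:", ambiguous_parameters(SAMPLE))
    try:
        parse_strict(SAMPLE, multi_valued={"tag"})
    except DuplicateParameterError as exc:
        print("rejected:", exc)
```

Running the same strict parser at every layer that inspects the request (proxy, filter, application) keeps a security check and the handler behind it from acting on different values.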
