OWASP_2017_A03 on ZAP

ASP.NET ViewState Disclosure

Mon, 01 Jan 0001 00:00:00 +0000

An ASP.NET ViewState was disclosed by the application/web server.

ASP.NET ViewState Integrity

Mon, 01 Jan 0001 00:00:00 +0000

The application does not use a Message Authentication Code (MAC) to protect the integrity of the ASP.NET ViewState, which can be tampered with by a malicious client.

Authentication Credentials Captured

Mon, 01 Jan 0001 00:00:00 +0000

An insecure authentication mechanism is in use. This allows an attacker on the network access to the userid and password of the authenticated user. For Basic Authentication, the attacker must merely monitor the network traffic until a Basic Authentication request is received, and then base64 decode the username and password. For Digest Authentication, the attacker has access to the username, and possibly also the password, if the hash (including a nonce) can be successfully cracked, or if a Man-In-The-Middle attack is mounted. The attacker eavesdrops on the network until an authentication has completed.

Backup File Disclosure

Mon, 01 Jan 0001 00:00:00 +0000

A backup of the file was disclosed by the web server.

Base64 Disclosure

Mon, 01 Jan 0001 00:00:00 +0000

Base64 encoded data was disclosed by the application/web server. Note: in the interests of performance not all base64 strings in the response were analyzed individually, the entire response should be looked at by the analyst/security team/developer(s).

Big Redirect Detected (Potential Sensitive Information Leak)

Mon, 01 Jan 0001 00:00:00 +0000

The server has responded with a redirect that seems to provide a large response. This may indicate that although the server sent a redirect it also responded with body content (which may include sensitive details, PII, etc.).

Cross-Origin-Embedder-Policy Header Missing or Invalid

Mon, 01 Jan 0001 00:00:00 +0000

Cross-Origin-Embedder-Policy header is a response header that prevents a document from loading any cross-origin resources that don’t explicitly grant the document permission (using CORP or CORS).

Cross-Origin-Opener-Policy Header Missing or Invalid

Mon, 01 Jan 0001 00:00:00 +0000

Cross-Origin-Opener-Policy header is a response header that allows a site to control if others included documents share the same browsing context. Sharing the same browsing context with untrusted documents might lead to data leak.

Cross-Origin-Resource-Policy Header Missing or Invalid

Mon, 01 Jan 0001 00:00:00 +0000

Cross-Origin-Resource-Policy header is an opt-in header designed to counter side-channels attacks like Spectre. Resource should be specifically set as shareable amongst different origins.

Hash Disclosure - BCrypt

Mon, 01 Jan 0001 00:00:00 +0000

A hash was disclosed by the web server. - BCrypt

Hash Disclosure - Kerberos AFS DES

Mon, 01 Jan 0001 00:00:00 +0000

A hash was disclosed by the web server. - Kerberos AFS DES

Hash Disclosure - LanMan

Mon, 01 Jan 0001 00:00:00 +0000

A hash was disclosed by the web server. - LanMan

Hash Disclosure - LanMan / DES

Mon, 01 Jan 0001 00:00:00 +0000

A hash was disclosed by the web server. - LanMan / DES

Hash Disclosure - MD4 / MD5

Mon, 01 Jan 0001 00:00:00 +0000

A hash was disclosed by the web server. - MD4 / MD5

Hash Disclosure - MD5 Crypt

Mon, 01 Jan 0001 00:00:00 +0000

A hash was disclosed by the web server. - MD5 Crypt

Hash Disclosure - NTLM

Mon, 01 Jan 0001 00:00:00 +0000

A hash was disclosed by the web server. - NTLM

Hash Disclosure - OpenBSD Blowfish

Mon, 01 Jan 0001 00:00:00 +0000

A hash was disclosed by the web server. - OpenBSD Blowfish

Hash Disclosure - Salted SHA-1

Mon, 01 Jan 0001 00:00:00 +0000

A hash was disclosed by the web server. - Salted SHA-1

Hash Disclosure - SHA-1

Mon, 01 Jan 0001 00:00:00 +0000

A hash was disclosed by the web server. - SHA-1

Hash Disclosure - SHA-224

Mon, 01 Jan 0001 00:00:00 +0000

A hash was disclosed by the web server. - SHA-224

Hash Disclosure - SHA-256

Mon, 01 Jan 0001 00:00:00 +0000

A hash was disclosed by the web server. - SHA-256

Hash Disclosure - SHA-256 Crypt

Mon, 01 Jan 0001 00:00:00 +0000

A hash was disclosed by the web server. - SHA-256 Crypt

Hash Disclosure - SHA-384

Mon, 01 Jan 0001 00:00:00 +0000

A hash was disclosed by the web server. - SHA-384

Hash Disclosure - SHA-512

Mon, 01 Jan 0001 00:00:00 +0000

A hash was disclosed by the web server. - SHA-512

Hash Disclosure - SHA-512 Crypt

Mon, 01 Jan 0001 00:00:00 +0000

A hash was disclosed by the web server. - SHA-512 Crypt

HTTPS Configuration

Mon, 01 Jan 0001 00:00:00 +0000

Performs HTTPS configuration analysis including certificate details and supported cipher suites.

HTTPS Security Configuration Issues

Mon, 01 Jan 0001 00:00:00 +0000

The HTTPS configuration has one or more security issues identified by the TLS risk assessment.

Information Disclosure - Debug Error Messages

Mon, 01 Jan 0001 00:00:00 +0000

The response appeared to contain common error messages returned by platforms such as ASP.NET, and Web-servers such as IIS and Apache. You can configure the list of common debug messages.

Information Disclosure - Sensitive Information in HTTP Referrer Header

Mon, 01 Jan 0001 00:00:00 +0000

The HTTP header may have leaked a potentially sensitive parameter to another domain. This can violate PCI and most organizational compliance policies. You can configure the list of strings for this check to add or remove values specific to your environment.

Information Disclosure - Sensitive Information in URL

Mon, 01 Jan 0001 00:00:00 +0000

The request appeared to contain sensitive information leaked in the URL. This can violate PCI and most organizational compliance policies. You can configure the list of strings for this check to add or remove values specific to your environment.

Information Disclosure - Suspicious Comments

Mon, 01 Jan 0001 00:00:00 +0000

The response appears to contain suspicious comments which may help an attacker.

Multiple HREFs Redirect Detected (Potential Sensitive Information Leak)

Mon, 01 Jan 0001 00:00:00 +0000

The server has responded with a redirect that seems to contain multiple links. This may indicate that although the server sent a redirect it also responded with body content links (which may include sensitive details, PII, lead to admin panels, etc.).

PII Disclosure

Mon, 01 Jan 0001 00:00:00 +0000

The response contains Personally Identifiable Information, such as CC number, SSN and similar sensitive data.

Private IP Disclosure

Mon, 01 Jan 0001 00:00:00 +0000

A private IP (such as 10.x.x.x, 172.x.x.x, 192.168.x.x) or an Amazon EC2 private hostname (for example, ip-10-0-56-78) has been found in the HTTP response body. This information might be helpful for further attacks targeting internal systems.

Referer Exposes Session ID

Mon, 01 Jan 0001 00:00:00 +0000

A hyperlink pointing to another host name was found. As session ID URL rewrite is used, it may be disclosed in referer header to external hosts.

Server Leaks Information via "X-Powered-By" HTTP Response Header Field(s)

Mon, 01 Jan 0001 00:00:00 +0000

The web/application server is leaking information via one or more “X-Powered-By” HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.

Session ID in URL Rewrite

Mon, 01 Jan 0001 00:00:00 +0000

URL rewrite is used to track user session ID. The session ID may be disclosed via cross-site referer header. In addition, the session ID might be stored in browser history or server logs.

Session ID in URL Rewrite

Mon, 01 Jan 0001 00:00:00 +0000

URL rewrite is used to track user session ID. The session ID may be disclosed via cross-site referer header. In addition, the session ID might be stored in browser history or server logs.

Timestamp Disclosure - Unix

Mon, 01 Jan 0001 00:00:00 +0000

A timestamp was disclosed by the application/web server. - Unix

Weak Authentication Method

Mon, 01 Jan 0001 00:00:00 +0000

HTTP basic or digest authentication has been used over an unsecured connection. The credentials can be read and then reused by someone with access to the network.

X-ChromeLogger-Data (XCOLD) Header Information Leak

Mon, 01 Jan 0001 00:00:00 +0000

The server is leaking information through the X-ChromeLogger-Data (or X-ChromePhp-Data) response header. The content of such headers can be customized by the developer, however it is not uncommon to find: server file system locations, vhost declarations, etc.

X-Debug-Token Information Leak

Mon, 01 Jan 0001 00:00:00 +0000

The response contained an X-Debug-Token or X-Debug-Token-Link header. This indicates that Symfony’s Profiler may be in use and exposing sensitive data.