Impact Associated With Vulnerabilities Flashcards
The behavior of a software, electronic, or other system’s output depends on the timing or sequence of events, or on a factor outside the user’s control
Race conditions
Race condition vulnerability
No longer receives updates and is at high risk of compromise
End of life systems
Race condition vulnerability
Programs added for automation and/or monitoring, which can allow malicious programs to gain access through the added programs.
Embedded systems
Race condition vulnerability
Vendor does not support the product: does not update, improve, or protect the product
Lack of vendor support
The system does not properly validate data, allowing an attacker to create input that is not expected and leaving parts of the system vulnerable to unintended data.
Improper input handling
Error messages display sensitive or private information, giving the user too much data.
Improper error handling
Uses the insecure out-of-the-box settings
Default config
A denial of service occurs: the resources needed to execute an action are expended, so the action cannot be performed.
Resource exhaustion
Users are not properly informed on how to use the systems, so mistakes are more likely to occur and the system’s resources may be abused
Untrained users
Users should only be allowed to access the parts that they need to complete their work
Improperly configured accounts
All tasks, procedures, and functions should be properly assessed, and the most valuable and vulnerable should be heavily protected
Vulnerable business processes
Uses older or less robust cryptographic algorithms – DES, WEP
Weak cipher suites and implementations
Memory/Buffer Vulnerability
Leaves system unresponsive
Memory leak
Memory/Buffer Vulnerability
Large integer exceeds data storage capacity
Integer overflow
Memory/Buffer Vulnerability
Too much data for the computer’s memory to buffer
Buffer overflow