Difference between revisions of "Discrepancy Information Leaks"

From OWASP
Jump to: navigation, search
 
(4 intermediate revisions by one user not shown)
Line 1: Line 1:
{{Template:Vulnerability}}
+
{{template:CandidateForDeletion}}
  
{{Template:Stub}}
+
#REDIRECT[[::Category:Attack]]
[[Category:FIXME|This is the text from the old template. This needs to be rewritten using the new template.]]
+
  
 
Last revision (mm/dd/yy): '''{{REVISIONMONTH}}/{{REVISIONDAY}}/{{REVISIONYEAR}}'''
 
Last revision (mm/dd/yy): '''{{REVISIONMONTH}}/{{REVISIONDAY}}/{{REVISIONYEAR}}'''
  
[[ASDR_TOC_Vulnerabilities|Vulnerabilities Table of Contents]]
 
 
[[ASDR Table of Contents]]
 
__TOC__
 
 
 
[[Category:FIXME|Stub article, needs review]]
 
  
 
==Description==
 
==Description==
Line 44: Line 36:
  
 
==Related [[Vulnerabilities]]==
 
==Related [[Vulnerabilities]]==
*  [[Error Message Infoleaks]]
 
  
 
==Related [[Controls]]==
 
==Related [[Controls]]==
Line 56: Line 47:
 
==References==
 
==References==
 
TBD
 
TBD
 
[[Category:FIXME|add links
 
 
In addition, one should classify vulnerability based on the following subcategories: Ex:<nowiki>[[Category:Error Handling Vulnerability]]</nowiki>
 
 
Availability Vulnerability
 
 
Authorization Vulnerability
 
 
Authentication Vulnerability
 
 
Concurrency Vulnerability
 
 
Configuration Vulnerability
 
 
Cryptographic Vulnerability
 
 
Encoding Vulnerability
 
 
Error Handling Vulnerability
 
 
Input Validation Vulnerability
 
 
Logging and Auditing Vulnerability
 
 
Session Management Vulnerability]]
 
 
__NOTOC__
 
 
 
[[Category:OWASP ASDR Project]]
 

Latest revision as of 11:45, 11 April 2009


This page was marked to be reviewed for deletion.


#REDIRECT:Category:Attack

Last revision (mm/dd/yy): 04/11/2009


Contents

Description

Application reveals details about its inner working by behaving differently, or sending different responses, to different user inputs.

Attackers try to observe the internal working of the application to obtain clues of attacks.


Risk Factors

TBD


Examples

Short example name

A short example description, small picture, or sample code with links

Short example name

A short example description, small picture, or sample code with links


Related Attacks

  • Attack 1
  • Attack 2
  • Attacks that can take advantage of the information revealed in this vulnerability. For example, if an attacker knows whether a user name exists or not through the login response, he can accordingly change his strategy of a brute-force attack.


Related Vulnerabilities

Related Controls

Related Technical Impacts


References

TBD