HackerSavanna's Vulnerability Rating Taxonomy

HackerSavanna's Vulnerability Rating Taxonomy is a resource outlining HackerSavanna's baseline priority rating, including certain edge cases, for common vulnerabilities.

Priority Key

Technical SeverityVRT CategorySpecific Vulnerability NameVariant / Affected FunctionActions
P1
Active Directory (AD)Kerberos AbuseDomain Compromise via Unconstrained Delegated
P1
AI Application SecurityModel ExtractionAPI Query-Based Model Reconstruction
P1
AI Application SecurityRemote Code ExecutionFull System Compromise
P1
AI Application SecuritySensitive Information DisclosureCross-Tenant PII Leakage/Exposure
P1
AI Application SecuritySensitive Information DisclosureKey Leak
P1
AI Application SecurityTraining Data PoisoningBackdoor Injection / Bias Manipulation
P1
Automotive Security MisconfigurationInfotainment, Radio Head UnitSensitive data Leakage/Exposure
P1
Automotive Security MisconfigurationRF HubKey Fob Cloning
P1
Broken Access Control (BAC)Insecure Direct Object References (IDOR)Modify/View Sensitive Information(Iterable Object Identifiers)
P1
Broken Authentication and Session ManagementAuthentication Bypass
P1
Cloud SecurityIdentity and Access Management (IAM) MisconfigurationsPublicly Accessible IAM Credentials
P1
Decentralized Application MisconfigurationInsecure Data StoragePlaintext Private Key
P1
Decentralized Application MisconfigurationMarketplace SecurityOrderbook Manipulation
P1
Decentralized Application MisconfigurationMarketplace SecuritySigner Account Takeover
P1
Decentralized Application MisconfigurationMarketplace SecurityUnauthorized Asset Transfer
P1
Decentralized Application MisconfigurationProtocol Security MisconfigurationNode-level Denial of Service
P1
Insecure OS/FirmwareCommand Injection
P1
Insecure OS/FirmwareHardcoded PasswordPrivileged User
P1
Sensitive Data ExposureDisclosure of SecretsFor Publicly Accessible Asset
P1
Server Security MisconfigurationExposed PortalAdmin Portal
P1
Server Security MisconfigurationUsing Default Credentials
P1
Server-Side InjectionFile InclusionLocal
P1
Server-Side InjectionRemote Code Execution (RCE)
P1
Server-Side InjectionSQL Injection
P1
Server-Side InjectionXML External Entity Injection (XXE)
P1
Smart Contract MisconfigurationReentrancy Attack
P1
Smart Contract MisconfigurationSmart Contract Owner Takeover
P1
Smart Contract MisconfigurationUnauthorized Transfer of Funds
P1
Smart Contract MisconfigurationUninitialized Variables
P1
Zero Knowledge Security MisconfigurationDeanonymization of Data
P1
Zero Knowledge Security MisconfigurationImproper Proof Validation and Finalization Logic
P2
Active Directory (AD)Configuration WeaknessesWeak Domain Password Policy
P2
Active Directory (AD)Configuration WeaknessesShared Administrator Passwords
P2
Active Directory (AD)Kerberos AbuseInsecure Service Account Management (Kerberoasting)
P2
Active Directory (AD)Kerberos AbuseUser Does Not Require Pre-authentication (ASREPRoasting)
P2
AI Application SecurityDenial-of-Service (DoS)Application-Wide
P2
AI Application SecurityPrompt InjectionSystem Prompt Leakage
P2
AI Application SecurityRemote Code ExecutionSandboxed Container Code Execution
P2
AI Application SecurityVector and Embedding WeaknessesEmbedding Exfiltration / Model Extraction
P2
Application-Level Denial-of-Service (DoS)Critical Impact and/or Easy Difficulty
P2
Automotive Security MisconfigurationInfotainment, Radio Head UnitCode Execution (CAN Bus Pivot)
P2
Automotive Security MisconfigurationInfotainment, Radio Head UnitOTA Firmware Manipulation
P2
Automotive Security MisconfigurationRF HubCAN Injection / Interaction
P2
Broken Access Control (BAC)Insecure Direct Object References (IDOR)Modify Sensitive Information(Iterable Object Identifiers)
P2
Cloud SecurityIdentity and Access Management (IAM) MisconfigurationsOverly Permissive IAM Roles
P2
Cloud SecurityStorage MisconfigurationsUnencrypted Sensitive Data at Rest
P2
Cross-Site Request Forgery (CSRF)Application-Wide
P2
Cross-Site Scripting (XSS)StoredNon-Privileged User to Anyone
P2
Cryptographic WeaknessKey ReuseInter-Environment
P2
Decentralized Application MisconfigurationMarketplace SecurityMalicious Order Offer
P2
Decentralized Application MisconfigurationMarketplace SecurityPrice or Fee Manipulation
P2
Insecure OS/FirmwareHardcoded PasswordNon-Privileged User
P2
Insecure OS/FirmwareLocal Administrator on default environment
P2
Insecure OS/FirmwareOver-Permissioned Credentials on Storage
P2
Physical Security IssuesWeakness in physical access controlCommonly Keyed System
P2
Protocol Specific MisconfigurationFrontrunning-Enabled Attack
P2
Protocol Specific MisconfigurationSandwich-Enabled Attack
P2
Sensitive Data ExposureWeak Password Reset ImplementationToken Leakage via Host Header Poisoning
P2
Server Security MisconfigurationOAuth MisconfigurationAccount Takeover
P2
Server Security MisconfigurationServer-Side Request Forgery (SSRF)Internal Secrets Exposure
P2
Smart Contract MisconfigurationInteger Overflow / Underflow
P2
Smart Contract MisconfigurationUnauthorized Smart Contract Approval
P3
Active Directory (AD)Configuration WeaknessesExcessive Domain Admin Membership
P3
Active Directory (AD)Configuration WeaknessesDormant / Inactive User Accounts Enabled in the Domain
P3
AI Application SecurityImproper Output HandlingCross-Site Scripting (XSS)
P3
AI Application SecurityVector and Embedding WeaknessesSemantic Indexing
P3
Application-Level Denial-of-Service (DoS)High Impact and/or Medium Difficulty
P3
Automotive Security MisconfigurationAutomatic Braking System (ABS)Unintended Acceleration / Brake
P3
Automotive Security MisconfigurationBattery Management SystemFirmware Dump
P3
Automotive Security MisconfigurationCANInjection (Basic Safety Message)
P3
Automotive Security MisconfigurationCANInjection (Battery Management System)
P3
Automotive Security MisconfigurationCANInjection (Headlights)
P3
Automotive Security MisconfigurationCANInjection (Powertrain)
P3
Automotive Security MisconfigurationCANInjection (Pyrotechnical Device Deployment Tool)
P3
Automotive Security MisconfigurationCANInjection (Sensors)
P3
Automotive Security MisconfigurationCANInjection (Steering Control)
P3
Automotive Security MisconfigurationCANInjection (Vehicle Anti-theft Systems)
P3
Automotive Security MisconfigurationImmobilizerEngine Start
P3
Automotive Security MisconfigurationInfotainment, Radio Head UnitCode Execution (No CAN Bus Pivot)
P3
Automotive Security MisconfigurationInfotainment, Radio Head UnitUnauthorized Access to Services (API / Endpoints)
P3
Automotive Security MisconfigurationRF HubData Leakage / Pull Encryption Mechanism
P3
Broken Access Control (BAC)Insecure Direct Object References (IDOR)View Sensitive Information(Iterable Object Identifiers)
P3
Broken Authentication and Session ManagementSecond Factor Authentication (2FA) Bypass
P3
Broken Authentication and Session ManagementSession FixationRemote Attack Vector
P3
Client-Side InjectionBinary PlantingDefault Folder Privilege Escalation
P3
Cloud SecurityNetwork Configuration IssuesLack of Network Segmentation
P3
Cloud SecurityNetwork Configuration IssuesOpen Management Ports to the Internet
P3
Cross-Site Scripting (XSS)ReflectedNon-Self
P3
Cross-Site Scripting (XSS)StoredPrivileged User to Privilege Elevation
P3
Cross-Site Scripting (XSS)StoredCSRF/URL-Based
P3
Cryptographic WeaknessBroken CryptographyUse of Broken Cryptographic Primitive
P3
Cryptographic WeaknessInsecure Key GenerationInsufficient Key Space
P3
Decentralized Application MisconfigurationMarketplace SecurityOFAC Bypass
P3
Insecure OS/FirmwareShared Credentials on Storage
P3
Insecure OS/FirmwareWeakness in Firmware UpdatesFirmware does not validate update integrity
P3
Sensitive Data ExposureDisclosure of SecretsFor Internal Asset
P3
Sensitive Data ExposureEXIF Geolocation Data Not Stripped From Uploaded ImagesAutomatic User Enumeration
P3
Server Security MisconfigurationExposed PortalNon-Admin Portal
P3
Server Security MisconfigurationMail Server MisconfigurationNo Spoofing Protection on Email Domain
P3
Server Security MisconfigurationMisconfigured DNSSubdomain Takeover
P3
Server Security MisconfigurationServer-Side Request Forgery (SSRF)Internal Data Exposure
P3
Server Security MisconfigurationServer-Side Request Forgery (SSRF)Internal Port Service Scan
P3
Server-Side InjectionContent Spoofingiframe Injection
P3
Server-Side InjectionHTTP Response ManipulationResponse Splitting (CRLF)
P3
Smart Contract MisconfigurationFunction-level Denial of Service
P3
Smart Contract MisconfigurationImproper Fee Implementation
P3
Smart Contract MisconfigurationIrreversible Function Call
P3
Smart Contract MisconfigurationMalicious Superuser Risk
P4
AI Application SecurityAdversarial Example InjectionAI Misclassification Attacks
P4
AI Application SecurityAI SafetyMisinformation / Wrong Factual Data
P4
AI Application SecurityDenial-of-Service (DoS)Tenant-Scoped
P4
AI Application SecurityImproper Output HandlingMarkdown/HTML Injection
P4
AI Application SecurityInsufficient Rate LimitingQuery Flooding / API Token Abuse
P4
Automotive Security MisconfigurationBattery Management SystemFraudulent Interface
P4
Automotive Security MisconfigurationCANInjection (Disallowed Messages)
P4
Automotive Security MisconfigurationCANInjection (DoS)
P4
Automotive Security MisconfigurationGNSS / GPSSpoofing
P4
Automotive Security MisconfigurationInfotainment, Radio Head UnitDefault Credentials
P4
Automotive Security MisconfigurationInfotainment, Radio Head UnitDenial of Service (DoS / Brick)
P4
Automotive Security MisconfigurationInfotainment, Radio Head UnitSource Code Dump
P4
Automotive Security MisconfigurationRF HubUnauthorized Access / Turn On
P4
Automotive Security MisconfigurationRoadside Unit (RSU)Sybil Attack
P4
Broken Access Control (BAC)Bypass of Password ConfirmationChange Password
P4
Broken Access Control (BAC)Insecure Direct Object References (IDOR)Modify/View Sensitive Information(Complex Object Identifiers GUID/UUID)
P4
Broken Access Control (BAC)Username/Email EnumerationNon-Brute Force
P4
Broken Authentication and Session ManagementCleartext Transmission of Session Token
P4
Broken Authentication and Session ManagementFailure to Invalidate SessionOn Logout (Client and Server-Side)
P4
Broken Authentication and Session ManagementFailure to Invalidate SessionOn Password Reset and/or Change
P4
Broken Authentication and Session ManagementWeak Login FunctionOther Plaintext Protocol with no Secure Alternative
P4
Broken Authentication and Session ManagementWeak Login FunctionOver HTTP
P4
Broken Authentication and Session ManagementWeak Registration ImplementationOver HTTP
P4
Cloud SecurityMisconfigured Services and APIsInsecure API Endpoints
P4
Cross-Site Scripting (XSS)Off-DomainData URI
P4
Cross-Site Scripting (XSS)Referer
P4
Cross-Site Scripting (XSS)StoredPrivileged User to No Privilege Elevation
P4
Cross-Site Scripting (XSS)Universal (UXSS)
P4
Cryptographic WeaknessBroken CryptographyUse of Vulnerable Cryptographic Library
P4
Cryptographic WeaknessInsecure Key GenerationKey Exchage Without Entity Authentication
P4
Cryptographic WeaknessInsufficient EntropyLimited Random Number Generator (RNG) Entropy Source
P4
Cryptographic WeaknessInsufficient EntropyPredictable Initialization Vector (IV)
P4
Cryptographic WeaknessInsufficient EntropyPredictable Pseudo-Random Number Generator (PRNG) Seed
P4
Cryptographic WeaknessInsufficient EntropySmall Seed Space in Pseudo-Random Number Generator (PRNG)
P4
Cryptographic WeaknessInsufficient Verification of Data AuthenticityIntegrity Check Value (ICV)
P4
Cryptographic WeaknessKey ReuseLack of Perfect Forward Secrecy
P4
Cryptographic WeaknessSide-Channel AttackPadding Oracle Attack
P4
Cryptographic WeaknessSide-Channel AttackTiming Attack
P4
Cryptographic WeaknessUse of Expired Cryptographic Key (or Certificate)
P4
Insecure Data StorageSensitive Application Data Stored UnencryptedOn External Storage
P4
Insecure Data StorageServer-Side Credentials StoragePlaintext
P4
Insecure Data TransportExecutable DownloadNo Secure Integrity Check
P4
Insufficient Security ConfigurabilityNo Password Policy
P4
Insufficient Security ConfigurabilityWeak 2FA Implementation2FA Secret Cannot be Rotated
P4
Insufficient Security ConfigurabilityWeak 2FA Implementation2FA Secret Remains Obtainable After 2FA is Enabled
P4
Insufficient Security ConfigurabilityWeak Password Reset ImplementationToken is Not Invalidated After Use
P4
Privacy ConcernsUnnecessary Data CollectionWiFi SSID+Password
P4
Sensitive Data ExposureDisclosure of SecretsPay-Per-Use Abuse
P4
Sensitive Data ExposureEXIF Geolocation Data Not Stripped From Uploaded ImagesManual User Enumeration
P4
Sensitive Data ExposureSensitive Token in URLUser Facing
P4
Sensitive Data ExposureToken Leakage via RefererOver HTTP
P4
Sensitive Data ExposureToken Leakage via RefererUntrusted 3rd Party
P4
Sensitive Data ExposureVia localStorage/sessionStorageSensitive Token
P4
Sensitive Data ExposureVisible Detailed Error/Debug PageDetailed Server Configuration
P4
Sensitive Data ExposureWeak Password Reset ImplementationPassword Reset Token Sent Over HTTP
P4
Server Security MisconfigurationCAPTCHAImplementation Vulnerability
P4
Server Security MisconfigurationClickjackingSensitive Click-Based Action
P4
Server Security MisconfigurationDatabase Management System (DBMS) MisconfigurationExcessively Privileged User / DBA
P4
Server Security MisconfigurationLack of Password ConfirmationDelete Account
P4
Server Security MisconfigurationLack of Security HeadersCache-Control for a Sensitive Page
P4
Server Security MisconfigurationMail Server MisconfigurationEmail Spoofing to Inbox due to Missing or Misconfigured DMARC on Email Domain
P4
Server Security MisconfigurationMisconfigured DNSZone Transfer
P4
Server Security MisconfigurationMissing Secure or HTTPOnly Cookie FlagSession Token
P4
Server Security MisconfigurationNo Rate Limiting on FormEmail-Triggering
P4
Server Security MisconfigurationNo Rate Limiting on FormLogin
P4
Server Security MisconfigurationNo Rate Limiting on FormRegistration
P4
Server Security MisconfigurationNo Rate Limiting on FormSMS-Triggering
P4
Server Security MisconfigurationOAuth MisconfigurationAccount Squatting
P4
Server Security MisconfigurationServer-Side Request Forgery (SSRF)Internal Exposure of the Presence of Data/Secrets
P4
Server Security MisconfigurationServer-Side Request Forgery (SSRF)Internal Port Scan Only
P4
Server Security MisconfigurationWeb Application Firewall (WAF) BypassDirect Server Access
P4
Server-Side InjectionContent SpoofingEmail HTML Injection
P4
Server-Side InjectionContent SpoofingExternal Authentication Injection
P4
Server-Side InjectionContent SpoofingImpersonation via Broken Link Hijacking
P4
Server-Side InjectionServer-Side Template Injection (SSTI)Basic
P4
Smart Contract MisconfigurationImproper Decimals Implementation
P4
Smart Contract MisconfigurationImproper Use of Modifier
P4
Unvalidated Redirects and ForwardsOpen RedirectGET-Based
P5
AI Application SecurityImproper Input HandlingANSI Escape Codes
P5
AI Application SecurityImproper Input HandlingRTL Overrides
P5
AI Application SecurityImproper Input HandlingUnicode Confusables
P5
Application-Level Denial-of-Service (DoS)App CrashMalformed Android Intents
P5
Application-Level Denial-of-Service (DoS)App CrashMalformed iOS URL Schemes
P5
Automotive Security MisconfigurationRF HubRelay
P5
Automotive Security MisconfigurationRF HubReplay
P5
Automotive Security MisconfigurationRF HubRoll Jam
P5
Broken Access Control (BAC)Insecure Direct Object References (IDOR)View Non-Sensitive Information
P5
Broken Authentication and Session ManagementConcurrent Logins
P5
Broken Authentication and Session ManagementExcessive JSON Web Token (JWT) Lifetime
P5
Broken Authentication and Session ManagementFailure to Invalidate SessionConcurrent Sessions On Logout
P5
Broken Authentication and Session ManagementFailure to Invalidate SessionLong Timeout
P5
Broken Authentication and Session ManagementFailure to Invalidate SessionOn Email Change
P5
Broken Authentication and Session ManagementFailure to Invalidate SessionOn Logout (Server-Side Only)
P5
Broken Authentication and Session ManagementFailure to Invalidate SessionOn 2FA Activation/Change
P5
Broken Authentication and Session ManagementSAML Replay
P5
Broken Authentication and Session ManagementSecret Questions Used for Account Verification
P5
Broken Authentication and Session ManagementSession FixationLocal Attack Vector
P5
Broken Authentication and Session ManagementWeak Login FunctionNot Operational or Intended Public Access
P5
Client-Side InjectionBinary PlantingNo Privilege Escalation
P5
Client-Side InjectionBinary PlantingNon-Default Folder Privilege Escalation
P5
Cloud SecurityLogging and Monitoring IssuesDisabled or Insufficient Logging
P5
Cross-Site Request Forgery (CSRF)Action-SpecificLogout
P5
Cross-Site Request Forgery (CSRF)CSRF Token Not Unique Per Request
P5
Cross-Site Request Forgery (CSRF)Flash-Based
P5
Cross-Site Scripting (XSS)Cookie-Based
P5
Cross-Site Scripting (XSS)Flash-Based
P5
Cross-Site Scripting (XSS)IE-Only
P5
Cross-Site Scripting (XSS)ReflectedSelf
P5
Cross-Site Scripting (XSS)StoredSelf
P5
Cross-Site Scripting (XSS)TRACE Method
P5
Cryptographic WeaknessIncomplete Cleanup of Keying Material
P5
Cryptographic WeaknessInsufficient EntropyInitialization Vector (IV) Reuse
P5
Cryptographic WeaknessInsufficient EntropyPseudo-Random Number Generator (PRNG) Seed Reuse
P5
Cryptographic WeaknessInsufficient EntropyUse of True Random Number Generator (TRNG) for Non-Security Purpose
P5
Cryptographic WeaknessKey ReuseIntra-Environment
P5
Cryptographic WeaknessSide-Channel AttackEmanations Attack
P5
Cryptographic WeaknessSide-Channel AttackPower Analysis Attack
P5
Cryptographic WeaknessWeak HashUse of Predictable Salt
P5
External BehaviorBrowser FeatureAggressive Offline Caching
P5
External BehaviorBrowser FeatureAutocomplete Enabled
P5
External BehaviorBrowser FeatureAutocorrect Enabled
P5
External BehaviorBrowser FeaturePlaintext Password Field
P5
External BehaviorBrowser FeatureSave Password
P5
External BehaviorCaptcha BypassCrowdsourcing
P5
External BehaviorCSV Injection
P5
External BehaviorSystem Clipboard LeakShared Links
P5
External BehaviorUser Password Persisted in Memory
P5
Insecure Data StorageNon-Sensitive Application Data Stored Unencrypted
P5
Insecure Data StorageScreen Caching Enabled
P5
Insecure Data StorageSensitive Application Data Stored UnencryptedOn Internal Storage
P5
Insecure Data TransportExecutable DownloadSecure Integrity Check
P5
Insecure OS/FirmwareData not encrypted at restNon sensitive
P5
Insecure OS/FirmwareWeakness in Firmware UpdatesFirmware is not encrypted
P5
Insufficient Security ConfigurabilityLack of Notification Email
P5
Insufficient Security ConfigurabilityNo 2FA Implementation
P5
Insufficient Security ConfigurabilityNo Account Lockout
P5
Insufficient Security ConfigurabilityPassword Policy Bypass
P5
Insufficient Security ConfigurabilityVerification of Contact Method not Required
P5
Insufficient Security ConfigurabilityWeak 2FA ImplementationMissing Failsafe
P5
Insufficient Security ConfigurabilityWeak 2FA ImplementationOld 2FA Code is Not Invalidated After New Code is Generated
P5
Insufficient Security ConfigurabilityWeak 2FA Implementation2FA Code is Not Updated After New Code is Requested
P5
Insufficient Security ConfigurabilityWeak JSON Web Token (JWT) Hashing Algorithm
P5
Insufficient Security ConfigurabilityWeak Password Policy
P5
Insufficient Security ConfigurabilityWeak Password Reset ImplementationToken Has Long Timed Expiry
P5
Insufficient Security ConfigurabilityWeak Password Reset ImplementationToken is Not Invalidated After Email Change
P5
Insufficient Security ConfigurabilityWeak Password Reset ImplementationToken is Not Invalidated After Login
P5
Insufficient Security ConfigurabilityWeak Password Reset ImplementationToken is Not Invalidated After New Token is Requested
P5
Insufficient Security ConfigurabilityWeak Password Reset ImplementationToken is Not Invalidated After Password Change
P5
Insufficient Security ConfigurabilityWeak Registration ImplementationAllows Disposable Email Addresses
P5
Lack of Binary HardeningLack of Exploit Mitigations
P5
Lack of Binary HardeningLack of Jailbreak Detection
P5
Lack of Binary HardeningLack of Obfuscation
P5
Lack of Binary HardeningRuntime Instrumentation-Based
P5
Mobile Security MisconfigurationAuto Backup Allowed by Default
P5
Mobile Security MisconfigurationClipboard Enabled
P5
Mobile Security MisconfigurationSSL Certificate PinningAbsent
P5
Mobile Security MisconfigurationSSL Certificate PinningDefeatable
P5
Mobile Security MisconfigurationTapjacking
P5
Network Security MisconfigurationTelnet Enabled
P5
Sensitive Data ExposureDisclosure of Known Public Information
P5
Sensitive Data ExposureDisclosure of SecretsData/Traffic Spam
P5
Sensitive Data ExposureDisclosure of SecretsIntentionally Public, Sample or Invalid
P5
Sensitive Data ExposureDisclosure of SecretsNon-Corporate User
P5
Sensitive Data ExposureDisclosure of SecretsSensitive Information Disclosed in JSON Web Token (JWT)
P5
Sensitive Data ExposureDisclosure of SecretsPublicly accessible Robots.txt
P5
Sensitive Data ExposureGraphQL Introspection Enabled
P5
Sensitive Data ExposureInternal IP Disclosure
P5
Sensitive Data ExposureJSON Hijacking
P5
Sensitive Data ExposureMixed Content (HTTPS Sourcing HTTP)
P5
Sensitive Data ExposureNon-Sensitive Token in URL
P5
Sensitive Data ExposureSensitive Data HardcodedFile Paths
P5
Sensitive Data ExposureSensitive Data HardcodedOAuth Secret
P5
Sensitive Data ExposureSensitive Token in URLIn the Background
P5
Sensitive Data ExposureSensitive Token in URLOn Password Reset
P5
Sensitive Data ExposureToken Leakage via RefererPassword Reset Token
P5
Sensitive Data ExposureToken Leakage via RefererTrusted 3rd Party
P5
Sensitive Data ExposureVia localStorage/sessionStorageNon-Sensitive Token
P5
Sensitive Data ExposureVisible Detailed Error/Debug PageDescriptive Stack Trace
P5
Sensitive Data ExposureVisible Detailed Error/Debug PageFull Path Disclosure
P5
Server Security MisconfigurationBitsquatting
P5
Server Security MisconfigurationCAPTCHABrute Force
P5
Server Security MisconfigurationCAPTCHAMissing
P5
Server Security MisconfigurationClickjackingForm Input
P5
Server Security MisconfigurationClickjackingNon-Sensitive Action
P5
Server Security MisconfigurationCookie Scoped to Parent Domain
P5
Server Security MisconfigurationDirectory Listing EnabledNon-Sensitive Data Exposure
P5
Server Security MisconfigurationEmail Verification Bypass
P5
Server Security MisconfigurationExposed PortalProtected
P5
Server Security MisconfigurationFingerprinting/Banner DisclosureSoftware Versions Disclosed in Response Headers
P5
Server Security MisconfigurationInsecure SSLCertificate Error
P5
Server Security MisconfigurationInsecure SSLInsecure Cipher Suite
P5
Server Security MisconfigurationInsecure SSLLack of Forward Secrecy
P5
Server Security MisconfigurationLack of Password ConfirmationChange Email Address
P5
Server Security MisconfigurationLack of Password ConfirmationChange Password
P5
Server Security MisconfigurationLack of Password ConfirmationManage 2FA
P5
Server Security MisconfigurationLack of Security HeadersCache-Control for a Non-Sensitive Page
P5
Server Security MisconfigurationLack of Security HeadersContent-Security-Policy
P5
Server Security MisconfigurationLack of Security HeadersContent-Security-Policy-Report-Only
P5
Server Security MisconfigurationLack of Security HeadersPublic-Key-Pins
P5
Server Security MisconfigurationLack of Security HeadersStrict-Transport-Security
P5
Server Security MisconfigurationLack of Security HeadersX-Content-Security-Policy
P5
Server Security MisconfigurationLack of Security HeadersX-Content-Type-Options
P5
Server Security MisconfigurationLack of Security HeadersX-Frame-Options
P5
Server Security MisconfigurationLack of Security HeadersX-Webkit-CSP
P5
Server Security MisconfigurationLack of Security HeadersX-XSS-Protection
P5
Server Security MisconfigurationMail Server MisconfigurationEmail Spoofing on Non-Email Domain
P5
Server Security MisconfigurationMail Server MisconfigurationEmail Spoofing to Spam Folder
P5
Server Security MisconfigurationMail Server MisconfigurationMissing or Misconfigured SPF and/or DKIM
P5
Server Security MisconfigurationMisconfigured DNSMissing Certification Authority Authorization (CAA) Record
P5
Server Security MisconfigurationMisconfigured File ShareNon-Sensitive Data Exposure via Anonymous FTP/SMB Enabled
P5
Server Security MisconfigurationMisconfigured Security Headers Insecure Content-Security-Policy
P5
Server Security MisconfigurationMissing DNSSEC
P5
Server Security MisconfigurationMissing Secure or HTTPOnly Cookie FlagNon-Session Cookie
P5
Server Security MisconfigurationMissing Subresource Integrity
P5
Server Security MisconfigurationNo Rate Limiting on FormChange Password
P5
Server Security MisconfigurationPotentially Unsafe HTTP Method EnabledOPTIONS
P5
Server Security MisconfigurationPotentially Unsafe HTTP Method EnabledTRACE
P5
Server Security MisconfigurationReflected File Download (RFD)
P5
Server Security MisconfigurationSame-Site Scripting
P5
Server Security MisconfigurationServer-Side Request Forgery (SSRF)External - DNS Query Only
P5
Server Security MisconfigurationServer-Side Request Forgery (SSRF)External - Low impact
P5
Server Security MisconfigurationUnsafe File UploadFile Extension Filter Bypass
P5
Server Security MisconfigurationUnsafe File UploadNo Antivirus
P5
Server Security MisconfigurationUnsafe File UploadNo Size Limit
P5
Server Security MisconfigurationUsername/Email EnumerationBrute Force
P5
Server-Side InjectionContent SpoofingEmail Hyperlink Injection Based on Email Provider
P5
Server-Side InjectionContent SpoofingFlash Based External Authentication Injection
P5
Server-Side InjectionContent SpoofingHomograph/IDN-Based
P5
Server-Side InjectionContent SpoofingHTML Content Injection
P5
Server-Side InjectionContent SpoofingRight-to-Left Override (RTLO)
P5
Server-Side InjectionContent SpoofingText Injection
P5
Server-Side InjectionContent SpoofingSelf Email HTML Injection
P5
Server-Side InjectionExposed DataNon Sensitive Data
P5
Server-Side InjectionParameter PollutionSocial Media Sharing Buttons
P5
Unvalidated Redirects and ForwardsLack of Security Speed Bump Page
P5
Unvalidated Redirects and ForwardsOpen RedirectFlash-Based
P5
Unvalidated Redirects and ForwardsOpen RedirectHeader-Based
P5
Unvalidated Redirects and ForwardsOpen RedirectPOST-Based
P5
Unvalidated Redirects and ForwardsTabnabbing
P5
Using Components with Known VulnerabilitiesCaptcha BypassOCR (Optical Character Recognition)
P5
Using Components with Known VulnerabilitiesOutdated Software Version
P5
Using Components with Known VulnerabilitiesRosetta Flash
P5
Using Components with Known VulnerabilitiesUnpatched Javascript Libraries
Varies
Active Directory (AD)Configuration WeaknessesPasswords Found within Domain User Account Description
Varies
Active Directory (AD)DACL Abuse
Varies
Active Directory (AD)Misconfigured Active Directory Certificate Services (ADCS)
Varies
Active Directory (AD)SCCM AbusePXE Boot Media Theft
Varies
Active Directory (AD)SCCM AbuseDistribution Point Permits Anonymous Access
Varies
Active Directory (AD)SCCM AbuseAutomatic Device Approval Enabled
Varies
Active Directory (AD)SCCM AbuseNTLM Relay From Management Point to Site Database
Varies
Active Directory (AD)SCCM AbuseNTLM Relay From Site Server To Site Systems
Varies
Active Directory (AD)SCCM AbuseNTLM Relay Via Automatic Client Push Installation
Varies
Active Directory (AD)SCCM AbusePrivileged Credentials Exposed In Task Sequences, Collection Variables or Network Access Account
Varies
Active Directory (AD)Sensitive Data ExposureLDAP Anonymous Bind Enabled
Varies
Active Directory (AD)Sensitive Data ExposureSensitive Data in Open File Shares
Varies
Algorithmic BiasesAggregation Bias
Varies
Algorithmic BiasesProcessing Bias
Varies
Application-Level Denial-of-Service (DoS)Excessive Resource ConsumptionInjection (Prompt)
Varies
Blockchain Infrastructure MisconfigurationImproper Bridge Validation and Verification Logic
Varies
Broken Access Control (BAC)Exposed Sensitive Android Intent
Varies
Broken Access Control (BAC)Exposed Sensitive iOS URL Scheme
Varies
Broken Access Control (BAC)Privilege Escalation
Varies
Broken Authentication and Session ManagementFailure to Invalidate SessionOn Permission Change
Varies
Cloud SecurityMisconfigured Services and APIsExposed Debug or Admin Interfaces
Varies
Cloud SecurityStorage MisconfigurationsPublicly Accessible Cloud Storage
Varies
Cross-Site Request Forgery (CSRF)Action-SpecificAuthenticated Action
Varies
Cross-Site Request Forgery (CSRF)Action-SpecificUnauthenticated Action
Varies
Cryptographic WeaknessInsecure ImplementationImproper Following of Specification (Other)
Varies
Cryptographic WeaknessInsecure ImplementationMissing Cryptographic Step
Varies
Cryptographic WeaknessInsecure Key GenerationImproper Asymmetric Exponent Selection
Varies
Cryptographic WeaknessInsecure Key GenerationImproper Asymmetric Prime Selection
Varies
Cryptographic WeaknessInsecure Key GenerationInsufficient Key Stretching
Varies
Cryptographic WeaknessInsufficient Verification of Data AuthenticityCryptographic Signature
Varies
Cryptographic WeaknessSide-Channel AttackDifferential Fault Analysis
Varies
Cryptographic WeaknessWeak HashLack of Salt
Varies
Cryptographic WeaknessWeak HashPredictable Hash Collision
Varies
Data BiasesPre-existing Bias
Varies
Data BiasesRepresentation Bias
Varies
Decentralized Application MisconfigurationDeFi SecurityFlash Loan Attack
Varies
Decentralized Application MisconfigurationDeFi SecurityFunction-Level Accounting Error
Varies
Decentralized Application MisconfigurationDeFi SecurityImproper Implementation of Governance
Varies
Decentralized Application MisconfigurationDeFi SecurityPricing Oracle Manipulation
Varies
Decentralized Application MisconfigurationImproper AuthorizationInsufficient Signature Validation
Varies
Decentralized Application MisconfigurationInsecure Data StorageSensitive Information Exposure
Varies
Decentralized Application MisconfigurationMarketplace SecurityDenial of Service
Varies
Decentralized Application MisconfigurationMarketplace SecurityImproper Validation and Checks For Deposits and Withdrawals
Varies
Decentralized Application MisconfigurationMarketplace SecurityMiscalculated Accounting Logic
Varies
Developer BiasesImplicit Bias
Varies
Insecure Data TransportCleartext Transmission of Sensitive Data
Varies
Insecure OS/FirmwareData not encrypted at restSensitive
Varies
Insecure OS/FirmwareFailure to Remove Sensitive Artifacts from Disk
Varies
Insecure OS/FirmwareKiosk Escape or Breakout
Varies
Insecure OS/FirmwarePoorly Configured Disk Encryption
Varies
Insecure OS/FirmwarePoorly Configured Operating System Security
Varies
Insecure OS/FirmwareRecovery of Disk Contains Sensitive Material
Varies
Insecure OS/FirmwareWeakness in Firmware UpdatesFirmware cannot be updated
Varies
Misinterpretation BiasesContext Ignorance
Varies
Physical Security IssuesBypass of physical access control
Varies
Physical Security IssuesWeakness in physical access controlCloneable Key
Varies
Physical Security IssuesWeakness in physical access controlMaster Key Identification
Varies
Protocol Specific MisconfigurationImproper Validation and Finalization Logic
Varies
Protocol Specific MisconfigurationMisconfigured Staking Logic
Varies
Sensitive Data ExposureCross Site Script Inclusion (XSSI)
Varies
Sensitive Data ExposureDisclosure of SecretsPII Leakage/Exposure
Varies
Server Security MisconfigurationCache Deception
Varies
Server Security MisconfigurationCache Poisoning
Varies
Server Security MisconfigurationDirectory Listing EnabledSensitive Data Exposure
Varies
Server Security MisconfigurationHTTP Request Smuggling
Varies
Server Security MisconfigurationMisconfigured File ShareAnonymous FTP Enabled
Varies
Server Security MisconfigurationMisconfigured File ShareAnonymous SMB Enabled
Varies
Server Security MisconfigurationOAuth MisconfigurationInsecure Redirect URI
Varies
Server Security MisconfigurationOAuth MisconfigurationMissing/Broken State Parameter
Varies
Server Security MisconfigurationPath Traversal
Varies
Server Security MisconfigurationRace Condition
Varies
Server Security MisconfigurationSoftware Package Takeover
Varies
Server Security MisconfigurationSSL Attack (BREACH, POODLE etc.)
Varies
Server Security MisconfigurationUnsafe Cross-Origin Resource Sharing
Varies
Server-Side InjectionExposed DataSensitive Data
Varies
Server-Side InjectionLDAP Injection
Varies
Server-Side InjectionServer-Side Template Injection (SSTI)Custom
Varies
Smart Contract MisconfigurationBypass of Function Modifiers and Checks
Varies
Smart Contract MisconfigurationInaccurate Rounding Calculation
Varies
Societal BiasesConfirmation Bias
Varies
Societal BiasesSystemic Bias
Varies
Zero Knowledge Security MisconfigurationMisconfigured Trusted Setup
Varies
Zero Knowledge Security MisconfigurationMismatching Bit Lengths
Varies
Zero Knowledge Security MisconfigurationMissing Constraint
Varies
Zero Knowledge Security MisconfigurationMissing Range Check