The product does not record or display information that would be important for identifying the source or nature of an attack, or determining if an action is safe.
N/A
Threat Mapped score: 1.8
Industry: Finiancial
Threat priority: P4 - Informational (Low)
CVE: CVE-1999-1029
Login attempts are not recorded if the user disconnects before the maximum number of tries.
CVE: CVE-2002-1839
Sender's IP address not recorded in outgoing e-mail.
CVE: CVE-2000-0542
Failed authentication attempts are not recorded if later attempt succeeds.
N/A
N/A
| Phase | Note |
|---|---|
| Architecture and Design | OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase. |
| Implementation | N/A |
| Operation | N/A |
Intro: This code logs suspicious multiple login attempts.
Body: This code only logs failed login attempts when a certain limit is reached. If an attacker knows this limit, they can stop their attack from being discovered by avoiding the limit.
function login($userName,$password){ if(authenticate($userName,$password)){ return True; } else{ incrementLoginAttempts($userName); if(recentLoginAttempts($userName) > 5){ writeLog("Failed login attempt by User: " . $userName . " at " + date('r') ); } } }Intro: This code prints the contents of a file if a user has permission.
Body: While the code logs a bad access attempt, it logs the user supplied name for the file, not the canonicalized file name. An attacker can obscure their target by giving the script the name of a link to the file they are attempting to access. Also note this code contains a race condition between the is_link() and readlink() functions (CWE-363).
function readFile($filename){ $user = getCurrentUser(); $realFile = $filename; //resolve file if its a symbolic link if(is_link($filename)){ $realFile = readlink($filename); } if(fileowner($realFile) == $user){ echo file_get_contents($realFile); return; } else{ echo 'Access denied'; writeLog($user . ' attempted to access the file '. $filename . ' on '. date('r')); } }