Categories

| CWE | NAME | LAST 12M | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
|---|---|---|---|---|---|---|---|
| CWE-385 | Covert Timing Channel: Covert timing channels convey information by modulating some aspect of system behavior over time, so that the program receiving the information can observe system behavior and infer protected information. | | 0 | 0 | 1 | 0 | 1 |
| CWE-530 | Exposure of Backup File to an Unauthorized Control Sphere: A backup file is stored in a directory or archive that is made accessible to unauthorized actors. | | 0 | 0 | 1 | 0 | 1 |
| CWE-463 | Deletion of Data Structure Sentinel: The accidental deletion of a data-structure sentinel can cause serious programming logic problems. | | 0 | 1 | 0 | 0 | 1 |
| CWE-780 | Use of RSA Algorithm without OAEP: The software uses the RSA algorithm but does not incorporate Optimal Asymmetric Encryption Padding (OAEP), which might weaken the encryption. | | 0 | 1 | 0 | 0 | 1 |
| CWE-526 | Information Exposure Through Environmental Variables: Environmental variables may contain sensitive information about a remote server. | | 0 | 1 | 0 | 0 | 1 |
| CWE-620 | Unverified Password Change: When setting a new password for a user, the product does not require knowledge of the original password or the use of another form of authentication. | | 0 | 0 | 0 | 1 | 1 |
| CWE-277 | Insecure Inherited Permissions: A product defines a set of insecure permissions that are inherited by objects that are created by the program. | | 0 | 1 | 0 | 0 | 1 |
| CWE-602 | Client-Side Enforcement of Server-Side Security: The software is composed of a server that relies on the client to implement a mechanism that is intended to protect the server. | | 0 | 1 | 0 | 0 | 1 |
| CWE-213 | Intentional Information Exposure: The product's intended functionality exposes information to certain actors in accordance with the developer's security policy, but this information is regarded as sensitive according to the intended security policies of other stakeholders such as the product's administrator, users, or others whose information is being processed. | | 0 | 1 | 0 | 0 | 1 |
| CWE-807 | Reliance on Untrusted Inputs in a Security Decision: The application uses a protection mechanism that relies on the existence or values of an input, but the input can be modified by an untrusted actor in a way that bypasses the protection mechanism. | | 0 | 1 | 0 | 0 | 1 |