-
Notifications
You must be signed in to change notification settings - Fork 50
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #489 from bugcrowd/VRT-update-Aug23-6
Addition of Insecure Key Generation
- Loading branch information
Showing
18 changed files
with
205 additions
and
0 deletions.
There are no files selected for viewing
5 changes: 5 additions & 0 deletions
5
submissions/description/cryptographic_weakness/insecure_key_generation/guidance.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,5 @@ | ||
| # Guidance | ||
|
|
||
| Provide a step-by-step walkthrough with a screenshot on how you exploited the vulnerability. This will speed triage time and result in faster rewards. Please include specific details on where you identified the cryptographic weakness, how you identified it, and what actions you were able to perform as a result. | ||
|
|
||
| Attempt to escalate the vulnerability to perform additional actions. If this is possible, provide a full Proof of Concept (PoC). |
5 changes: 5 additions & 0 deletions
5
...ness/insecure_key_generation/improper_asymmetric_exponent_selection/guidance.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,5 @@ | ||
| # Guidance | ||
|
|
||
| Provide a step-by-step walkthrough with a screenshot on how you exploited the vulnerability. This will speed triage time and result in faster rewards. Please include specific details on where you identified the improper asymmetric exponent selection, how you identified it, and what actions you were able to perform as a result. | ||
|
|
||
| Attempt to escalate the vulnerability to perform additional actions. If this is possible, provide a full Proof of Concept (PoC). |
7 changes: 7 additions & 0 deletions
7
...secure_key_generation/improper_asymmetric_exponent_selection/recommendations.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,7 @@ | ||
| # Recommendation(s) | ||
|
|
||
| Implement strong cryptography and keep up to date algorithms, protocols, and keys in place. For asymmetric exponent selection, ensure that there is a sufficiently large number to be selected. It is also best practice to use uniquely generated random number for exponent. | ||
|
|
||
| For more information, refer to the following resource: | ||
|
|
||
| - <https://owasp.org/Top10/A02_2021-Cryptographic_Failures/> |
22 changes: 22 additions & 0 deletions
22
...ness/insecure_key_generation/improper_asymmetric_exponent_selection/template.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,22 @@ | ||
| # Improper Asymmetric Exponent Selection | ||
|
|
||
| ## Overview of the Vulnerability | ||
|
|
||
| Cryptography is used to ensure secure storage and transmission of data. However, there are a number of best practices that must be followed to ensure the cryptography in use remains secure and does not result in the exposure of sensitive data. It was identified that the endpoint contains an insecure cryptographic keys that have improper asymmetric exponent selection. This can allow an attacker to identify keys and break the confidentiality of requests sent to and from the endpoint. | ||
|
|
||
| ## Business Impact | ||
|
|
||
| This vulnerability can lead to reputational damage of the company through the impact to customers’ trust, and the ability of an attacker to view data. The severity of the impact to the business is dependent on the sensitivity of the accessible data being transmitted by the application. | ||
|
|
||
| ## Steps to Reproduce | ||
|
|
||
| 1. Enable a HTTP interception proxy, such as Burp Suite or OWASP ZAP | ||
| 1. Setup {{software}} to intercept and log requests | ||
| 1. Use a browser to navigate to: {{URL}} | ||
| 1. {{action}} to view unencrypted requests | ||
|
|
||
| ## Proof of Concept (PoC) | ||
|
|
||
| The screenshot below demonstrates the improper asymmetric exponent selection: | ||
|
|
||
| {{screenshot}} |
5 changes: 5 additions & 0 deletions
5
...eakness/insecure_key_generation/improper_asymmetric_prime_selection/guidance.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,5 @@ | ||
| # Guidance | ||
|
|
||
| Provide a step-by-step walkthrough with a screenshot on how you exploited the vulnerability. This will speed triage time and result in faster rewards. Please include specific details on where you identified the improper asymmetric prime selection, how you identified it, and what actions you were able to perform as a result. | ||
|
|
||
| Attempt to escalate the vulnerability to perform additional actions. If this is possible, provide a full Proof of Concept (PoC). |
7 changes: 7 additions & 0 deletions
7
.../insecure_key_generation/improper_asymmetric_prime_selection/recommendations.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,7 @@ | ||
| # Recommendation(s) | ||
|
|
||
| Implement strong cryptography and keep up to date algorithms, protocols, and keys in place. For asymmetric prime number selection, ensure that there is a sufficient amount of prime numbers represented, and no mathematical relationship between each prime number selected. It is also best practice to use uniquely generated prime numbers for prime selection. | ||
|
|
||
| For more information, refer to the following resource: | ||
|
|
||
| - <https://owasp.org/Top10/A02_2021-Cryptographic_Failures/> |
22 changes: 22 additions & 0 deletions
22
...eakness/insecure_key_generation/improper_asymmetric_prime_selection/template.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,22 @@ | ||
| # Improper Asymmetric Prime Selection | ||
|
|
||
| ## Overview of the Vulnerability | ||
|
|
||
| Cryptography is used to ensure secure storage and transmission of data. However, there are a number of best practices that must be followed to ensure the cryptography in use remains secure and does not result in the exposure of sensitive data. It was identified that the endpoint contains an insecure cryptographic keys that have improper asymmetric prime selection. This can allow an attacker to identify keys and break the confidentiality of requests sent to and from the endpoint. | ||
|
|
||
| ## Business Impact | ||
|
|
||
| This vulnerability can lead to reputational damage of the company through the impact to customers’ trust, and the ability of an attacker to view data. The severity of the impact to the business is dependent on the sensitivity of the accessible data being transmitted by the application. | ||
|
|
||
| ## Steps to Reproduce | ||
|
|
||
| 1. Enable a HTTP interception proxy, such as Burp Suite or OWASP ZAP | ||
| 1. Setup {{software}} to intercept and log requests | ||
| 1. Use a browser to navigate to: {{URL}} | ||
| 1. {{action}} to view unencrypted requests | ||
|
|
||
| ## Proof of Concept (PoC) | ||
|
|
||
| The screenshot below demonstrates the improper asymmetric prime selection: | ||
|
|
||
| {{screenshot}} |
5 changes: 5 additions & 0 deletions
5
...yptographic_weakness/insecure_key_generation/insufficient_key_space/guidance.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,5 @@ | ||
| # Guidance | ||
|
|
||
| Provide a step-by-step walkthrough with a screenshot on how you exploited the vulnerability. This will speed triage time and result in faster rewards. Please include specific details on where you identified the insufficient key space, how you identified it, and what actions you were able to perform as a result. | ||
|
|
||
| Attempt to escalate the vulnerability to perform additional actions. If this is possible, provide a full Proof of Concept (PoC). |
8 changes: 8 additions & 0 deletions
8
...phic_weakness/insecure_key_generation/insufficient_key_space/recommendations.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,8 @@ | ||
| # Recommendation(s) | ||
|
|
||
| Implement strong cryptography and keep up to date algorithms, protocols, and keys in place. Best practices include ensuring that the application specifies a large minimum key length, for example AES-128, RSA-2048, or SHA-256. | ||
|
|
||
| For more information, refer to the following resources: | ||
|
|
||
| - <https://owasp.org/Top10/A02_2021-Cryptographic_Failures/> | ||
| - <https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar2.pdf> |
22 changes: 22 additions & 0 deletions
22
...yptographic_weakness/insecure_key_generation/insufficient_key_space/template.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,22 @@ | ||
| # Insufficient Key Space | ||
|
|
||
| ## Overview of the Vulnerability | ||
|
|
||
| Cryptography is used to ensure secure storage and transmission of data. However, there are a number of best practices that must be followed to ensure the cryptography in use remains secure and does not result in the exposure of sensitive data. It was identified that the endpoint contains insecure cryptographic keys that have insufficient key space. This can allow an attacker to use brute-force techniques to identify keys and break the confidentiality of requests sent to and from the endpoint. | ||
|
|
||
| ## Business Impact | ||
|
|
||
| This vulnerability can lead to reputational damage of the company through the impact to customers’ trust, and the ability of an attacker to view data. The severity of the impact to the business is dependent on the sensitivity of the accessible data being transmitted by the application. | ||
|
|
||
| ## Steps to Reproduce | ||
|
|
||
| 1. Enable a HTTP interception proxy, such as Burp Suite or OWASP ZAP | ||
| 1. Setup {{software}} to intercept and log requests | ||
| 1. Use a browser to navigate to: {{URL}} | ||
| 1. {{action}} to view unencrypted requests | ||
|
|
||
| ## Proof of Concept (PoC) | ||
|
|
||
| The screenshot below demonstrates the insufficient key space: | ||
|
|
||
| {{screenshot}} |
5 changes: 5 additions & 0 deletions
5
...raphic_weakness/insecure_key_generation/insufficient_key_stretching/guidance.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,5 @@ | ||
| # Guidance | ||
|
|
||
| Provide a step-by-step walkthrough with a screenshot on how you exploited the vulnerability. This will speed triage time and result in faster rewards. Please include specific details on where you identified the insufficient key stretching, how you identified it, and what actions you were able to perform as a result. | ||
|
|
||
| Attempt to escalate the vulnerability to perform additional actions. If this is possible, provide a full Proof of Concept (PoC). |
7 changes: 7 additions & 0 deletions
7
...weakness/insecure_key_generation/insufficient_key_stretching/recommendations.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,7 @@ | ||
| # Recommendation(s) | ||
|
|
||
| Implement strong cryptography and keep up to date algorithms, protocols, and keys in place. Strong key stretching practices include ensuring that the application performs a large number of iterations to increase entropy. | ||
|
|
||
| For more information, refer to the following resource: | ||
|
|
||
| - <https://owasp.org/Top10/A02_2021-Cryptographic_Failures/> |
22 changes: 22 additions & 0 deletions
22
...raphic_weakness/insecure_key_generation/insufficient_key_stretching/template.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,22 @@ | ||
| # Insufficient Key Stretching | ||
|
|
||
| ## Overview of the Vulnerability | ||
|
|
||
| Cryptography is used to ensure secure storage and transmission of data. However, there are a number of best practices that must be followed to ensure the cryptography in use remains secure and does not result in the exposure of sensitive data. It was identified that the endpoint contains insecure cryptographic keys that have insufficient key stretching. This can allow an attacker to identify keys and break the confidentiality of requests sent to and from the endpoint. | ||
|
|
||
| ## Business Impact | ||
|
|
||
| This vulnerability can lead to reputational damage of the company through the impact to customers’ trust, and the ability of an attacker to view data. The severity of the impact to the business is dependent on the sensitivity of the accessible data being transmitted by the application. | ||
|
|
||
| ## Steps to Reproduce | ||
|
|
||
| 1. Enable a HTTP interception proxy, such as Burp Suite or OWASP ZAP | ||
| 1. Setup {{software}} to intercept and log requests | ||
| 1. Use a browser to navigate to: {{URL}} | ||
| 1. {{action}} to view unencrypted requests | ||
|
|
||
| ## Proof of Concept (PoC) | ||
|
|
||
| The screenshot below demonstrates the insufficient key stretching: | ||
|
|
||
| {{screenshot}} |
5 changes: 5 additions & 0 deletions
5
...secure_key_generation/key_exchange_without_entity_authentication/guidance_ea.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,5 @@ | ||
| # Guidance | ||
|
|
||
| Provide a step-by-step walkthrough with a screenshot on how you exploited the vulnerability. This will speed triage time and result in faster rewards. Please include specific details on where you identified the key exchange without entity authentication, how you identified it, and what actions you were able to perform as a result. | ||
|
|
||
| Attempt to escalate the vulnerability to perform additional actions. If this is possible, provide a full Proof of Concept (PoC). |
7 changes: 7 additions & 0 deletions
7
...key_generation/key_exchange_without_entity_authentication/recommendations_ea.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,7 @@ | ||
| # Recommendation(s) | ||
|
|
||
| Implement strong cryptography and keep up to date algorithms, protocols, and keys in place. Ensure proper cryptographic key generation, management, and rotation principles are in use. It is also best practice to validate the identity of the opposite party during the key exchange process. | ||
|
|
||
| For more information, refer to the following resource: | ||
|
|
||
| - <https://owasp.org/Top10/A02_2021-Cryptographic_Failures/> |
22 changes: 22 additions & 0 deletions
22
...secure_key_generation/key_exchange_without_entity_authentication/template_ea.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,22 @@ | ||
| # Key Exchange Without Entity Authentication | ||
|
|
||
| ## Overview of the Vulnerability | ||
|
|
||
| Cryptography is used to ensure secure storage and transmission of data. However, there are a number of best practices that must be followed to ensure the cryptography in use remains secure and does not result in the exposure of sensitive data. It was identified that the endpoint contains an insecure key generation mechanism that involves key exchange without entity authentication. This can allow an attacker to break the confidentiality of requests sent to and from the endpoint. | ||
|
|
||
| ## Business Impact | ||
|
|
||
| This vulnerability can lead to reputational damage of the company through the impact to customers’ trust, and the ability of an attacker to view data. The severity of the impact to the business is dependent on the sensitivity of the accessible data being transmitted by the application. | ||
|
|
||
| ## Steps to Reproduce | ||
|
|
||
| 1. Enable a HTTP interception proxy, such as Burp Suite or OWASP ZAP | ||
| 1. Setup {{software}} to intercept and log requests | ||
| 1. Use a browser to navigate to: {{URL}} | ||
| 1. {{action}} to view unencrypted requests | ||
|
|
||
| ## Proof of Concept (PoC) | ||
|
|
||
| The screenshot below demonstrates the key exchange without entity authentication: | ||
|
|
||
| {{screenshot}} |
7 changes: 7 additions & 0 deletions
7
...s/description/cryptographic_weakness/insecure_key_generation/recommendations.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,7 @@ | ||
| # Recommendation(s) | ||
|
|
||
| Implement strong cryptography and keep up to date algorithms, protocols, and keys in place. | ||
|
|
||
| For more information, refer to the following resource: | ||
|
|
||
| - <https://owasp.org/Top10/A02_2021-Cryptographic_Failures/> |
22 changes: 22 additions & 0 deletions
22
submissions/description/cryptographic_weakness/insecure_key_generation/template.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,22 @@ | ||
| # Insecure Key Generation | ||
|
|
||
| ## Overview of the Vulnerability | ||
|
|
||
| Cryptography is used to ensure secure storage and transmission of data. However, there are a number of best practices that must be followed to ensure the cryptography in use remains secure and does not result in the exposure of sensitive data. It was identified that the endpoint contains an insecure key generation mechanism which can allow an attacker to break the confidentiality of requests sent to and from the endpoint. | ||
|
|
||
| ## Business Impact | ||
|
|
||
| This vulnerability can lead to reputational damage of the company through the impact to customers’ trust, and the ability of an attacker to view data. The severity of the impact to the business is dependent on the sensitivity of the accessible data being transmitted by the application. | ||
|
|
||
| ## Steps to Reproduce | ||
|
|
||
| 1. Enable a HTTP interception proxy, such as Burp Suite or OWASP ZAP | ||
| 1. Setup {{software}} to intercept and log requests | ||
| 1. Use a browser to navigate to: {{URL}} | ||
| 1. {{action}} to view unencrypted requests | ||
|
|
||
| ## Proof of Concept (PoC) | ||
|
|
||
| The screenshot below demonstrates the insecure key generation: | ||
|
|
||
| {{screenshot}} |