Quality updates to Cryptographic Weakness write ups #524

Draft
wants to merge 3 commits into
base: master
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@

## Overview of the Vulnerability

Cryptographic algorithms use an initial block of data (called an initialization vector) alongside the plaintext data that is encrypted. When this IV is reused for multiple encryptions, an attacker can identify the IV from the original data within the encryption.
Cryptographic algorithms use an initial block of data called an Initialization Vector (IV) alongside the plaintext data that is encrypted. When this IV is reused across multiple encryptions, the cryptographic algorithms are weakened as an attacker can differentiate the IV from the original encrypted data. This can lead to further targeted attacks.

## Business Impact

Expand Down
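Review bot: The replacement overview sentence still misstates the weakness where it says "an attacker can differentiate the IV from the original encrypted data". The IV is normally sent in the clear next to the ciphertext, so telling it apart is not the problem. Suggest stating the actual effect of reuse under the same key: identical plaintext prefixes encrypt to identical ciphertext in CBC mode, and in CTR or GCM mode the keystream repeats, so the XOR of two plaintexts is exposed. With that in place, "This can lead to further targeted attacks" can name the consequence instead of staying generic.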
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@

## Overview of the Vulnerability

Cryptographic algorithms use an initial block of data (called an initialization vector) alongside the plaintext data that is encrypted. When this IV is predictable, an attacker can identify the IV from the original data within the encryption.
Cryptographic algorithms use an initial block of data called an Initialization Vector (IV) alongside the plaintext data that is encrypted. A predictable IV weakens the cryptographic algorithms as an attacker can differentiate the IV from the original encrypted data. This can lead to further targeted attacks.

## Business Impact

Expand Down
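Review bot: The replacement line reuses the clause "an attacker can differentiate the IV from the original encrypted data", which does not describe what a predictable IV costs. The IV is not secret; the requirement for CBC-style modes is that it be unpredictable before encryption, because a party who knows the next IV and can influence the plaintext can confirm guesses about previously encrypted blocks. Suggest saying that, and pointing to generation of the IV from a cryptographically secure random source so this template reads differently from the IV-reuse one.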
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@

## Overview of the Vulnerability

A Pseudo-Random Number Generator (PRNG) uses an initial seed value to generate random number through a complex algorithm. When this seed value is predictable in full or in part, it is possible to determine the random numbers produce by the PRNG. The PRNG seed value is predictable, allowing an attacker to guess the random numbers generated by the PRNG. This can lead to unauthorized access if that seed value is used for authorization and authentication.
A Pseudo-Random Number Generator (PRNG) uses an initial seed value to generate random number through a complex algorithm. When this seed value is predictable in full or in part, it is possible to determine the random numbers produce by the PRNG. This allows an attacker to guess the random numbers generated by the PRNG and can lead to unauthorized access if that seed value is used for authorization or authentication.

## Business Impact

Expand Down
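Review bot: The replacement line keeps two typos from the original, "generate random number" and "produce by the PRNG"; since the sentence is being rewritten anyway, change these to "random numbers" and "produced". The closing clause "if that seed value is used for authorization or authentication" also points at the wrong object: it is the generated values (tokens, session identifiers, reset codes) that are used for authentication, not the seed. Suggest "if the generated values are used for authorization or authentication".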
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@

## Overview of the Vulnerability

A Pseudo-Random Number Generator (PRNG) uses an initial seed value to generate random number through a complex algorithm. When this seed value is known, it is possible to determine the random numbers produce by the PRNG. An attacker with access to the seed value can predict or guess the random numbers which can lead to unauthorized access if that seed value is used for authorization and authentication.
A Pseudo-Random Number Generator (PRNG) uses an initial seed value to generate random number through a complex algorithm. When this seed value is known, it is possible to determine the random numbers produce by the PRNG. An attacker with access to the seed value can predict or guess the random numbers which can lead to unauthorized access if that seed value is used for authorization or authentication.

## Business Impact

Expand Down
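Review bot: The only change in the replacement line is "and" to "or", so "generate random number" and "produce by the PRNG" are carried over uncorrected; fix both in the same pass. "predict or guess" is also weaker than what the template describes: with a known seed the output sequence is fully determined, so "reproduce" or "predict" alone is more accurate. As in the predictable-seed template, "if that seed value is used" should refer to the generated values.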
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@

## Overview of the Vulnerability

A Pseudo-Random Number Generator (PRNG) uses an initial seed value to generate random number through a complex algorithm. When this seed value is small in size, it is possible to bruteforce all possible seeed values. An attacker who can guess the seed value can predict or guess the random numbers generated by the PRNG. This can lead to unauthorized access if that seed value is used for authorization and authentication.
A Pseudo-Random Number Generator (PRNG) uses an initial seed value to generate random number through a complex algorithm. When this seed value is small in size, it is possible to bruteforce all possible seed values. An attacker who can guess the seed value can predict or guess the random numbers generated by the PRNG. This can lead to unauthorized access if that seed value is used for authorization or authentication.

## Business Impact

Expand Down
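Review bot: The replacement line fixes "seeed" but leaves "generate random number" and the one-word "bruteforce"; suggest "random numbers" and "brute force". "small in size" would be clearer as a statement about the seed space, for example "drawn from a space small enough to enumerate", since a long seed with little entropy has the same problem. The final clause should again refer to the generated values rather than the seed being used for authorization or authentication.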
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@

## Overview of the Vulnerability

Cryptography is used to ensure secure storage and transmission of data. However, there are a number of best practices that must be followed to ensure the cryptography in use remains secure and does not result in the exposure of sensitive data. It was identified that the application fails to verify the cryptographic signature. Ths can allow an attacker to break the confidentiality and integrity of requests sent to and from the endpoint.
Cryptography is used to ensure secure storage and transmission of data. However, there are a number of best practices that must be followed to ensure the cryptography in use remains secure and does not result in the exposure of sensitive data. The application fails to verify the cryptographic signature which can allow an attacker to break the confidentiality and integrity of requests sent to and from the endpoint.

## Business Impact

Expand Down
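Review bot: The stated impact in the replacement line, "break the confidentiality and integrity of requests", overreaches on confidentiality. A signature that is not verified lets modified or forged messages be accepted, which is a loss of integrity and authenticity; nothing in the sentence supports a confidentiality loss. Suggest "integrity and authenticity", and add a comma before "which" in "fails to verify the cryptographic signature which can allow".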
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@

## Overview of the Vulnerability

Cryptography is used to ensure secure storage and transmission of data. However, there are a number of best practices that must be followed to ensure the cryptography in use remains secure and does not result in the exposure of sensitive data. It was identified that the authenticity of the Integrity Check Value (ICV) is not verified which can lead to data corruption. Ths can allow an attacker to break the confidentiality and integrity of requests sent to and from the endpoint.
Cryptography is used to ensure secure storage and transmission of data. However, there are a number of best practices that must be followed to ensure the cryptography in use remains secure and does not result in the exposure of sensitive data. Within the application, the authenticity of the Integrity Check Value (ICV) is not verified which can lead to data corruption. This can allow an attacker to break the confidentiality and integrity of requests sent to and from the endpoint.

## Business Impact

Expand Down
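Review bot: In the replacement line, "the authenticity of the Integrity Check Value (ICV) is not verified which can lead to data corruption" undersells and blurs the issue. The ICV is the value being checked, so "the ICV is not verified" is enough, and the consequence is that modified data is accepted as valid rather than that data becomes corrupted. The following sentence then claims a confidentiality loss that the text does not support; suggest limiting it to integrity and authenticity, matching whatever wording is chosen for the signature template.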
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@

## Overview of the Vulnerability

Cryptography is used to ensure secure storage and transmission of data. However, there are a number of best practices that must be followed to ensure the cryptography in use remains secure and does not result in the exposure of sensitive data. It was identified that the application's cryptographic mechanism reuses keys across different environment (inter-environment). This can allow an attacker to leverage the key to gain access to information or privileges within the application that are protected by the same key.
Cryptography is used to ensure secure storage and transmission of data. However, there are a number of best practices that must be followed to ensure the cryptography in use remains secure and does not result in the exposure of sensitive data. The application's cryptographic mechanism reuses keys across different environments (inter-environment). This can allow an attacker to leverage the key to gain access to information or privileges within the application that are protected by the same key.

## Business Impact

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@

## Overview of the Vulnerability

Cryptography is used to ensure secure storage and transmission of data. However, there are a number of best practices that must be followed to ensure the cryptography in use remains secure and does not result in the exposure of sensitive data. It was identified that the application's cryptographic mechanism reuses keys within the same environment (intra-environment). This can allow an attacker to leverage the key to gain access to information or privileges within the application that are protected by the same key.
Cryptography is used to ensure secure storage and transmission of data. However, there are a number of best practices that must be followed to ensure the cryptography in use remains secure and does not result in the exposure of sensitive data. The application's cryptographic mechanism reuses keys within the same environment (intra-environment). This can allow an attacker to leverage the key to gain access to information or privileges within the application that are protected by the same key.

## Business Impact

Expand Down
Original file line number Diff line number Diff line change
@@ -1,8 +1,8 @@
# Lack of Perfect Forward Secrecy
# Lack of Perfect Forward Secrecy (PFS)

## Overview of the Vulnerability

It was identified that the application's cryptographic mechanism lacks the use of Perfect Forward Secrecy (PFS). PFS involves the negotiation of an ephemeral key pair for each newly create session between two parties. Without PFS, an attacker would be able to compromise all past and future sessions based on a set of keys that they can decrypt. They can then leverage the keys to gain access to information or privileges within the application that are protected by the same key.
Perfect Forward Secrecy (PFS) is used to generate unique session keys for each communication session which reduces the likelihood of past sessions being decrypted, even if the long-term keys are compromised. Without PFS, an attacker who can identify encryption keys is able to decrypt all past and future sessions that are based on those encryption keys. This application's cryptographic mechanism lacks the use of PFS which can result in an attacker gaining access to information or privileges within the application that are protected by the same encryption keys.

## Business Impact

Expand Down
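Review bot: The second sentence of the replacement overview, "an attacker who can identify encryption keys", is vaguer than the first sentence, which correctly speaks of long-term keys being compromised. Suggest "an attacker who obtains the long-term private key" so both sentences describe the same event. The removed line explained that PFS involves negotiating an ephemeral key pair per session; the new text drops that and describes PFS only by its effect, so consider keeping one clause on ephemeral key exchange so readers know what to enable.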
Original file line number Diff line number Diff line change
@@ -1,7 +1,8 @@
# Recommendation(s)

Implement robust entropy for the cryptographic algorithms and ensure that the algorithms, protocols, and keys in place are kept up to date. Best practices includes uniform exception handling and ensuring that the system reverts to a known uniform state when faults occur.
Implement robust entropy for the cryptographic algorithms and ensure that the algorithms, protocols, and keys in place are kept up to date. The application and its systems should always revert to a known and uniform state when faults and errors occur. This can be achieved through uniform exception handling, restoring saved states, or system reset. The exact method will be contextual to the application.

For more information, refer to the following resource:

- <https://owasp.org/Top10/A02_2021-Cryptographic_Failures/>
- <https://ieeexplore.ieee.org/document/6976633>
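Review bot: The list intro "For more information, refer to the following resource:" is singular but is followed by two links; change it to "resources". In the rewritten recommendation paragraph, "The exact method will be contextual to the application" gives the reader nothing to act on; suggest either dropping it or saying what the choice depends on, since the preceding sentence already lists uniform exception handling, restoring saved states, and system reset as options.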
Original file line number Diff line number Diff line change
@@ -1,8 +1,8 @@
# Differential Fault Analysis
# Differential Fault Analysis (DFA)

## Overview of the Vulnerability

Cryptography is used to ensure secure storage and transmission of data. However, there are a number of best practices that must be followed to ensure the cryptography in use remains secure and does not result in the exposure of sensitive data. The application is vulnerable to a differential fault analysis attack as there are changes to the system's response to specially crafted fault conditions during specific steps of cryptographic operations.
Differential Fault Analysis (DFA) is an attack on that exploits differences in the application's behavior in response to specially-crafted faults or errors. The application is vulnerable to DFA as it is possible to observe different behavior in the application's cryptographic system when faults are induced. This can allow an attacker to compromise the security of cryptographic keys.

## Business Impact

Expand Down
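Review bot: The first sentence of the replacement overview has a stray word: "is an attack on that exploits differences" should read "is an attack that exploits differences". "specially-crafted" does not need the hyphen. The removed line said the differences appear "during specific steps of cryptographic operations"; the new text says only "when faults are induced", so consider keeping that the faults are induced during the cryptographic computation, since that is what lets faulty and correct outputs be compared to recover key material.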
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@

## Overview of the Vulnerability

Cryptography is used to ensure secure storage and transmission of data. However, there are a number of best practices that must be followed to ensure the cryptography in use remains secure and does not result in the exposure of sensitive data. The application is vulnerable to a emanations attack as there are changes to the electromagnetic emanations across the physical system when it is performing different steps of cryptographic operations.
Cryptography is used to ensure secure storage and transmission of data. However, there are a number of best practices that must be followed to ensure the cryptography in use remains secure and does not result in the exposure of sensitive data. The application is vulnerable to a emanations attack as there are changes to the electromagnetic emanations across the physical system when it is performing different steps of cryptographic operations. This can allow an attacker to extract sensitive information such as cryptographic keys or other sensitive data processed by the application.

## Business Impact

Expand Down
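Review bot: The replacement line still contains "a emanations attack", which should be "an emanations attack". The appended sentence also repeats itself in "sensitive information such as cryptographic keys or other sensitive data processed by the application"; suggest "extract cryptographic keys or other sensitive data processed by the application".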
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@

## Overview of the Vulnerability

Cryptography is used to ensure secure storage and transmission of data. However, there are a number of best practices that must be followed to ensure the cryptography in use remains secure and does not result in the exposure of sensitive data. The application is vulnerable to a power analysis attack as there is uneven power consumption across the system when performing different steps of cryptographic operations.
Cryptography is used to ensure secure storage and transmission of data. However, there are a number of best practices that must be followed to ensure the cryptography in use remains secure and does not result in the exposure of sensitive data. The application is vulnerable to a power analysis attack as there is uneven power consumption across the system when performing different steps of cryptographic operations. This can allow an attacker to break the confidentiality of requests sent to and from the endpoint.

## Business Impact

Expand Down
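Review bot: The appended impact sentence, "break the confidentiality of requests sent to and from the endpoint", does not follow from the preceding description of uneven power consumption on the system. What power analysis exposes is information about the values being processed, typically key material, and the emanations template in this same PR states its impact that way. Suggest aligning the two, for example "This can allow an attacker to recover cryptographic keys or other sensitive data processed by the device".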
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
# Use of Expired Cryptographic Key (or Certificate)
# Use of Expired Cryptographic Key or Certificate

## Overview of the Vulnerability

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@

## Overview of the Vulnerability

Cryptography is used to ensure secure storage and transmission of data. However, there are a number of best practices that must be followed to ensure the cryptography in use remains secure and does not result in the exposure of sensitive data. It was identified that the hash does not have a salt which can allow an attacker to use rainbow table attacks.
Cryptography is used to ensure secure storage and transmission of data. However, there are a number of best practices that must be followed to ensure the cryptography in use remains secure and does not result in the exposure of sensitive data. A lack of salt in the application's cryptographic hash means that there is no unique randomness added to the hash. This significantly reduces the complexity of an attacker being able to guess the hash value, or perform rainbow table or brute force attacks.

## Business Impact

Expand Down
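Review bot: The replacement text describes the salt imprecisely in "no unique randomness added to the hash" and "guess the hash value". A salt is a unique random value combined with the input before hashing, and what the attacker recovers is the original input (the password), not the hash. "or brute force attacks" also overstates the benefit: a salt defeats precomputed tables and stops one cracked hash from revealing every identical password, but it does not slow brute force against a single hash. Suggest rewording along those lines and keeping "rainbow table" as the primary risk, as the removed line did.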
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
# Data Not Encrypted at Rest (Non-Sensitive)

## Overview of the Vulnerability

The device stores non-sensitive data that is not encrypted at rest. Despite the data not being directly exploitable, its accessibility due to lack of encryption allows attackers with physical access to the device to retrieve this information. This exposure could facilitate reverse engineering efforts or aid in future exploitation attempts, indirectly compromising the system's security.

## Business Impact

While the data in question is classified as non-sensitive, its exposure still poses security risks. Unauthorized access to this data can provide attackers with insights into the device's operations or architecture, potentially leading to vulnerabilities being uncovered. This situation can undermine the security posture of the device, leading to increased susceptibility to targeted attacks, erosion of customer confidence, and potential reputational damage.

## Steps to Reproduce

1. Gain physical access to the device and remove the cover as seen in the images below.
1. Locate the hard drive on the device, and remove it.
1. Using a external hard drive caddy, mount the device.
1. Observe that it is possible to access the filesystem, demonstrating the lack of encryption at rest.

## Proof of Concept (PoC)

The following screenshot(s) demonstrate(s) this vulnerability:

{{screenshot}}
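Review bot: Step 1 of the new Steps to Reproduce refers to "the images below", but the template only carries a {{screenshot}} placeholder under Proof of Concept; either reference that section or drop the phrase. Step 3 has "Using a external hard drive caddy, mount the device", which should be "an external" and should say "mount the drive", since the drive removed in step 2 is what gets mounted. Step 4 could name what to check (that files are readable without a passphrase or key) so the result is reproducible.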
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
# Data Not Encrypted at Rest (Sensitive)

## Overview of the Vulnerability

The device stores sensitive data that is not encrypted at rest, compromising the confidentiality and integrity of the data. This oversight allows an attacker with physical access to the device to easily access and potentially compromise the sensitive data contained within, exposing personal information, secrets, or credentials.

## Business Impact

The absence of encryption for sensitive data at rest on the device poses a significant risk to data confidentiality and integrity. This vulnerability can lead to data breaches, unauthorized access to sensitive information, and potential financial and reputational damages to the organization. It undermines the trust of customers and partners and may result in non-compliance with regulatory requirements related to data protection and privacy.

## Steps to Reproduce

1. Gain physical access to the device and remove the cover as seen in the images below.
1. Locate the hard drive on the device, and remove it.
1. Using a external hard drive caddy, mount the device.
1. Observe that it is possible to access the filesystem, demonstrating the lack of encryption at rest.

## Proof of Concept (PoC)

The following screenshot(s) demonstrate(s) this vulnerability:

{{screenshot}}
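Review bot: The overview claims the missing encryption compromises "the confidentiality and integrity of the data", but the steps only demonstrate read access to the filesystem. Either add a step showing that the data can be modified and is accepted by the device afterwards, or limit the overview and Business Impact to confidentiality. The steps are copied from the Non-Sensitive template and carry the same issues: "the images below" has no matching images, "a external" should be "an external", and "mount the device" should be "mount the drive". For the sensitive variant, step 4 should also ask the researcher to identify which sensitive data was readable.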