Introduction
Vulnerabilities
This is a standardization of the set of vulnerabilities that serves as the basis for the security analysis performed by Fluid Attacks. It is an ever-evolving effort, as new types arise every day.
Index
Access Subversion
- 005. Privilege escalation
- 006. Authentication mechanism absence or evasion
- 007. Cross-site request forgery
- 013. Insecure object reference
- 018. Improper authentication for shared folders
- 024. Unrestricted access between network segments - AWS
- 027. Insecure file upload
- 031. Excessive privileges - AWS
- 039. Improper authorization control for web services
- 042. Insecurely generated cookies
- 051. Cracked weak credentials
- 056. Anonymous connection
- 057. Asymmetric denial of service - Content length
- 062. Concurrent sessions
- 068. Insecure session expiration time
- 075. Unauthorized access to files - APK Content Provider
- 076. Insecure session management
- 081. Lack of multi-factor authentication
- 115. Security controls bypass or absence
- 126. Lack of isolation methods
- 128. Insecurely generated cookies - HttpOnly
- 129. Insecurely generated cookies - SameSite
- 130. Insecurely generated cookies - Secure
- 157. Unrestricted access between network segments
- 158. Unrestricted access between network segments - Azure AD
- 159. Excessive privileges
- 160. Excessive privileges - Temporary Files
- 163. Insecure digital certificates
- 201. Unauthorized access to files
- 202. Unauthorized access to files - Debug APK
- 203. Unauthorized access to files - S3 Bucket
- 205. Insufficient Physical Access Controls
- 206. Security controls bypass or absence - Anti hooking
- 207. Security controls bypass or absence - SSLPinning
- 208. Security controls bypass or absence - Antivirus
- 209. Security controls bypass or absence - Emulator
- 210. Security controls bypass or absence - Facial Recognition
- 212. Security controls bypass or absence - Cloudflare
- 240. Authentication mechanism absence or evasion - OTP
- 241. Authentication mechanism absence or evasion - AWS
- 242. Authentication mechanism absence or evasion - WiFi
- 243. Authentication mechanism absence or evasion - Admin Console
- 244. Authentication mechanism absence or evasion - BIOS
- 279. Root detection control bypass
- 280. Session Fixation
- 286. Insecure object reference - Personal information
- 287. Insecure object reference - Corporate information
- 288. Insecure object reference - Financial information
- 295. Insecure session management - Change Password
- 298. Authentication mechanism absence or evasion - Redirect
- 299. Authentication mechanism absence or evasion - JFROG
- 300. Authentication mechanism absence or evasion - Azure
- 301. Concurrent sessions control bypass
- 305. Security controls bypass or absence - Data creation
- 306. Insecure object reference - Files
- 307. Insecure object reference - Data
- 310. Unauthorized access to screen
- 311. Unrestricted access between network segments - JSch
- 325. Excessive privileges - Wildcards
- 328. Insecure object reference - Session management
- 337. Insecure session management - CSRF Fixation
- 345. Security controls bypass or absence - Session Invalidation
- 346. Excessive privileges - Mobile App
- 348. Insecure digital certificates - Lifespan
- 350. Insecure digital certificates - Chain of trust
- 354. Insecure file upload - Files Limit
- 368. Unrestricted access between network segments - StrictHostKeyChecking
- 369. Insecure object reference - User deletion
- 370. Authentication mechanism absence or evasion - Security Image
- 374. Security controls bypass or absence - Debug Protection
- 375. Security controls bypass or absence - Tampering Protection
- 376. Security controls bypass or absence - Reversing Protection
- 436. Security controls bypass or absence - Fingerprint
Data Manipulation
- 098. External control of file name or path
- 103. Insufficient data authenticity validation - APK signing
- 111. Out-of-bounds read
- 123. Local file inclusion
- 204. Insufficient data authenticity validation
- 327. Insufficient data authenticity validation - Images
- 355. Insufficient data authenticity validation - Checksum verification
- 377. Insufficient data authenticity validation - Device Binding
- 383. Insecurely generated token - OTP
- 389. Insufficient data authenticity validation - JAR signing
Deceptive Interactions
- 023. Uncontrolled external site redirect - Host Header Injection
- 032. Spoofing
- 078. Insecurely generated token
- 084. MDNS spoofing
- 086. Missing subresource integrity check
- 097. Reverse tabnabbing
- 100. Server-side request forgery (SSRF)
- 114. Phishing
- 156. Uncontrolled external site redirect
- 182. Email spoofing
- 309. Insecurely generated token - JWT
- 318. Insecurely generated token - Validation
- 322. Insecurely generated token - Lifespan
- 360. Clickjacking
- 408. Traceability Loss - API Gateway
Functionality Abuse
- 002. Asymmetric denial of service
- 003. Symmetric denial of service
- 014. Insecure functionality
- 033. Password change without identity check
- 048. Lack of root detection
- 055. Insecure service configuration - ADB Backups
- 058. Debugging enabled in production - APK
- 060. Insecure service configuration - Host verification
- 061. Remote File Inclusion
- 064. Traceability loss - Server's clock
- 065. Cached form fields
- 067. Improper resource allocation
- 070. Insecure service configuration - ELB
- 072. Duplicate code
- 073. Improper authorization control for web services - RDS
- 079. Non-upgradable dependencies
- 087. Account lockout
- 088. Privacy violation
- 093. Hidden fields manipulation
- 095. Data uniqueness not properly verified
- 101. Lack of protection against deletion
- 102. Email uniqueness not properly verified
- 108. Improper control of interaction frequency
- 109. Unrestricted access between network segments - RDS
- 110. HTTP request smuggling
- 113. Improper type assignation
- 117. Unverifiable files
- 118. Regulation infringement
- 120. Improper dependency pinning
- 122. Email flooding
- 124. Race condition
- 138. Inappropriate coding practices
- 140. Insecure exceptions - Empty or no catch
- 143. Inappropriate coding practices - Eval function
- 145. Inappropriate coding practices - Cyclomatic complexity
- 164. Insecure service configuration
- 165. Insecure service configuration - AWS
- 166. Insecure service configuration - Kerberoast
- 167. Insecure service configuration - Wireless Certificates
- 168. Insecure service configuration - Keystore
- 169. Insecure service configuration - Keys
- 170. Insecure service configuration - Antivirus
- 171. Insecure service configuration - Firewall
- 172. Insecure service configuration - App Backup
- 173. Insecure service configuration - Backup
- 174. Insecure service configuration - Backdoor
- 175. Insecure service configuration - DNS
- 176. Insecure service configuration - SSH
- 177. Insecure service configuration - Security Groups
- 178. Insecure service configuration - RDP
- 179. Insecure service configuration - SMB
- 180. Insecure service configuration - SMTP
- 181. Insecure service configuration - DynamoDB
- 183. Debugging enabled in production
- 200. Traceability loss
- 211. Asymmetric denial of service - ReDoS
- 231. Message flooding
- 233. Incomplete functional code
- 255. Insecure functionality - Pass the hash
- 256. Lack of protection against deletion - RDS
- 257. Lack of protection against deletion - EC2
- 258. Lack of protection against deletion - ELB
- 259. Lack of protection against deletion - DynamoDB
- 260. Insecure Binary compilation
- 267. Excessive Privileges - Kubernetes
- 268. Insecure service configuration - Webview
- 270. Insecure functionality - File Creation
- 271. Insecure functionality - Password management
- 272. Insecure functionality - Masking
- 273. Insecure functionality - Fingerprint
- 278. Insecure exceptions - NullPointerException
- 285. Insecure service configuration - App Transport Security
- 293. Insecure service configuration - Key pair
- 294. Insecure service configuration - OTP
- 302. Insecure functionality - Session management
- 304. Inappropriate coding practices - Performance
- 308. Enabled default configuration
- 312. Insecure service configuration - Signatures
- 313. Insecure service configuration - Certificates
- 314. Insecure service configuration - DB
- 315. Insecure service configuration - CloudDB
- 316. Improper resource allocation - Buffer overflow
- 317. Improper resource allocation - Memory leak
- 319. Insecure service configuration - Roles
- 320. Insecure service configuration - LDAP
- 324. Insecure functionality - User management
- 333. Insecure service configuration - EC2
- 334. Insecure service configuration - IAM
- 335. Insecure service configuration - Bucket
- 338. Insecure service configuration - Salt
- 339. Insecure service configuration - Request Validation
- 343. Insecure service configuration - BREACH Attack
- 347. Insecure service configuration - Task Hijacking
- 352. Insecure service configuration - Non Masked Variables
- 356. Symmetric denial of service - SMTP
- 357. Symmetric denial of service - FTP
- 358. Insecure service configuration - DocumentBuilderFactory
- 366. Inappropriate coding practices - Transparency Conflict
- 379. Inappropriate coding practices - Unnecessary imports
- 380. Supply Chain Attack - Docker
- 381. Supply Chain Attack - Terraform
- 382. Insufficient data authenticity validation - Front bypass
- 384. Inappropriate coding practices - Wildcard export
- 386. Cross-Site Leak - Frame Counting
- 387. Insecure service configuration - Object Reutilization
- 391. Inappropriate coding practices - Unused properties
- 392. Security controls bypass or absence - Firewall
- 393. Use of software with known vulnerabilities in development
- 394. Insufficient data authenticity validation - CloudTrail Logs
- 395. Insecure generation of random numbers - Static IV
- 396. Insecure service configuration - KMS
- 398. Fragment Injection
- 399. Security controls absence - Monitoring
- 400. Traceability Loss - AWS
- 401. Insecure service configuration - AKV Secret Expiration
- 402. Traceability Loss - Azure
- 403. Insecure service configuration - usesCleartextTraffic
- 404. OS Command Injection
- 405. Excessive privileges - Access Mode
- 410. Dependency Confusion
- 411. Insecure encryption algorithm - Default encryption
- 412. Lack of protection against deletion - Azure Key Vault
- 413. Insecure file upload - DLL Injection
- 414. Insecure service configuration - Header Checking
- 415. Insecure service configuration - Container level access policy
- 416. XAML injection
- 417. Account Takeover
- 418. Insecure service configuration - Docker
- 419. Traceability Loss - Kubernetes
- 420. Password reset poisoning
- 423. Inappropriate coding practices - System exit
- 426. Supply Chain Attack - Kubernetes
- 428. Inappropriate coding practices - invalid file
- 431. Supply Chain Attack - NPM
- 432. Inappropriate coding practices - relative path command
- 437. Supply Chain Attack - GitHub Actions
Information Collection
- 009. Sensitive information in source code
- 011. Use of software with known vulnerabilities
- 016. Insecure encryption algorithm - SSL/TLS
- 017. Sensitive information sent insecurely
- 019. Administrative credentials stored in cache memory
- 020. Non-encrypted confidential information
- 022. Use of an insecure channel
- 025. Call interception
- 026. User enumeration
- 028. Insecure temporary files
- 030. Sensitive information sent via URL parameters
- 036. ViewState not encrypted
- 037. Technical information leak
- 038. Business information leak
- 040. Exposed web services
- 046. Missing secure obfuscation - APK
- 047. Automatic information enumeration
- 052. Insecure encryption algorithm
- 054. Exposed administrative services
- 059. Sensitive information stored in logs
- 066. Technical information leak - Console functions
- 069. Weak CAPTCHA
- 080. Business information leak - Customers or providers
- 082. Insecurely deleted files
- 085. Sensitive data stored in client-side storage
- 092. Insecure encryption algorithm - Anonymous cipher suites
- 094. Insecure encryption algorithm - Cipher Block Chaining
- 099. Non-encrypted confidential information - S3 Server Side Encryption
- 116. XS-Leaks
- 119. Metadata with sensitive information
- 125. Directory listing
- 133. Insecure encryption algorithm - Perfect Forward Secrecy
- 142. Sensitive information in source code - API Key
- 147. Insecure encryption algorithm - SSLContext
- 148. Use of an insecure channel - FTP
- 149. Use of an insecure channel - SMTP
- 150. Use of an insecure channel - useSslProtocol()
- 151. Use of an insecure channel - Telnet
- 161. Missing secure obfuscation
- 162. Missing secure obfuscation - binary
- 213. Business information leak - JWT
- 214. Business information leak - Credentials
- 215. Business information leak - Repository
- 216. Business information leak - Source Code
- 217. Business information leak - Credit Cards
- 218. Business information leak - Network Unit
- 219. Business information leak - Redis
- 220. Business information leak - Token
- 221. Business information leak - Users
- 222. Business information leak - DB
- 223. Business information leak - JFROG
- 224. Business information leak - AWS
- 225. Business information leak - Azure
- 226. Business information leak - Personal Information
- 227. Business information leak - NAC
- 228. Business information leak - Analytics
- 229. Business information leak - Power BI
- 230. Business information leak - Firestore
- 232. Technical information leak - Angular
- 234. Technical information leak - Stacktrace
- 235. Technical information leak - Headers
- 236. Technical information leak - SourceMap
- 237. Technical information leak - Print Functions
- 238. Technical information leak - API
- 239. Technical information leak - Errors
- 245. Non-encrypted confidential information - Credit Cards
- 246. Non-encrypted confidential information - DB
- 247. Non-encrypted confidential information - AWS
- 248. Non-encrypted confidential information - LDAP
- 249. Non-encrypted confidential information - Credentials
- 250. Non-encrypted hard drives
- 251. Non-encrypted confidential information - JFROG
- 252. Automatic information enumeration - Open ports
- 253. Automatic information enumeration - AWS
- 254. Automatic information enumeration - Credit Cards
- 261. Insecure encryption algorithm - DSA
- 262. Insecure encryption algorithm - SHA1
- 263. Insecure encryption algorithm - MD5
- 264. Insecure encryption algorithm - TripleDES
- 265. Insecure encryption algorithm - AES
- 266. Excessive Privileges - Docker
- 269. Insecure encryption algorithm - Blowfish
- 275. Non-encrypted confidential information - Local data
- 276. Sensitive information sent via URL parameters - Session
- 281. Use of an insecure channel - AWS
- 282. Insecure encryption algorithm - ECB
- 283. Automatic information enumeration - Personal Information
- 284. Non-encrypted confidential information - Base 64
- 289. Technical information leak - Logs
- 290. Technical information leak - IPs
- 291. Business information leak - Financial Information
- 326. Sensitive information in source code - Dependencies
- 331. User Enumeration - WordPress
- 332. Use of an insecure channel - Source code
- 336. Business information leak - Corporate information
- 342. Technical information leak - Alert
- 349. Technical information leak - Credentials
- 351. Automatic information enumeration - Corporate information
- 359. Sensitive information in source code - Credentials
- 367. Sensitive information in source code - Git history
- 372. Use of an insecure channel - HTTP
- 373. Use of an insecure channel - Oracle Database
- 378. Non-encrypted confidential information - Hexadecimal
- 385. Non-encrypted confidential information - Keys
- 406. Non-encrypted confidential information - EFS
- 407. Non-encrypted confidential information - EBS Volumes
- 409. Non-encrypted confidential information - DynamoDB
- 421. Insecure encryption algorithm - Insecure Elliptic Curve
- 427. Use of an insecure channel - Docker
- 433. Non-encrypted confidential information - Redshift Cluster
- 435. Use of software with known vulnerabilities in environments
- 439. Sensitive information in source code - IP
- 441. Non-encrypted confidential information - Azure
Probabilistic Techniques
- 034. Insecure generation of random numbers
- 035. Weak credential policy
- 041. Enabled default credentials
- 050. Guessed weak credentials
- 053. Lack of protection against brute force attacks
- 277. Weak credential policy - Password Expiration
- 296. Weak credential policy - Password Change Limit
- 330. Lack of protection against brute force attacks - Credentials
Protocol Manipulation
- 015. Insecure authentication method - Basic
- 043. Insecure or unset HTTP headers - Content-Security-Policy
- 044. Insecure HTTP methods enabled
- 071. Insecure or unset HTTP headers - Referrer-Policy
- 131. Insecure or unset HTTP headers - Strict Transport Security
- 132. Insecure or unset HTTP headers - X-Content-Type-Options
- 134. Insecure or unset HTTP headers - CORS
- 135. Insecure or unset HTTP headers - X-XSS Protection
- 136. Insecure or unset HTTP headers - Cache Control
- 137. Insecure or unset HTTP headers - X-Permitted-Cross-Domain-Policies
- 152. Insecure or unset HTTP headers - X-Frame Options
- 153. Insecure or unset HTTP headers - Accept
- 329. Insecure or unset HTTP headers - Content-Type
- 388. Insecure authentication method - NTLM
- 397. Insecure authentication method - LDAP
- 440. Insecure or unset HTTP headers - Permissions-Policy
System Manipulation
- 029. Inadequate file size control
- 077. ARP spoofing
- 091. Log injection
- 104. USB flash drive attacks
- 424. Sideloaded
Unexpected Injection
- 001. SQL injection - C Sharp SQL API
- 004. Remote command execution
- 008. Reflected cross-site scripting (XSS)
- 010. Stored cross-site scripting (XSS)
- 012. SQL injection - Java Persistence API
- 021. XPath injection
- 045. HTML code injection
- 063. Lack of data validation - Path Traversal
- 083. XML injection (XXE)
- 089. Lack of data validation - Trust boundary violation
- 090. CSV injection
- 096. Insecure deserialization
- 105. Apache Lucene query injection
- 106. NoSQL injection
- 107. LDAP injection
- 112. SQL injection - Java SQL API
- 121. HTTP parameter pollution
- 127. Lack of data validation - Type confusion
- 141. Lack of data validation - URL
- 146. SQL injection
- 154. Time-based SQL Injection
- 155. SQL Injection - Headers
- 184. Lack of data validation
- 185. Lack of data validation - Header x-amzn-RequestId
- 186. Lack of data validation - Web Service
- 187. Lack of data validation - Source Code
- 188. Lack of data validation - Modify DOM Elements
- 189. Lack of data validation - Content Spoofing
- 190. Lack of data validation - Session Cookie
- 191. Lack of data validation - Responses
- 192. Lack of data validation - Reflected Parameters
- 193. Lack of data validation - Host Header Injection
- 194. Lack of data validation - Input Length
- 195. Lack of data validation - Headers
- 196. Lack of data validation - Dates
- 197. Lack of data validation - Numbers
- 198. Lack of data validation - Out of range
- 199. Lack of data validation - Emails
- 274. Restricted fields manipulation
- 297. SQL injection - Code
- 321. Lack of data validation - HTML code
- 323. XML injection (XXE) - Unmarshaller
- 340. Lack of data validation - Special Characters
- 341. Lack of data validation - OTP
- 344. Lack of data validation - Non Sanitized Variables
- 353. Lack of data validation - Token
- 361. Missing secure obfuscation - JavaScript
- 362. Technical information leak - Content response
- 363. Weak credential policy - Password strength
- 364. Weak credential policy - Temporary passwords
- 365. Authentication mechanism absence or evasion - Response tampering
- 371. DOM-Based cross-site scripting (XSS)
- 390. Prototype Pollution
- 422. Server side template injection
- 425. Server side cross-site scripting
- 429. Universal cross-site scripting (UXSS)
- 430. Serverless - one dedicated IAM role per function
- 434. Client-side template injection
- 438. Error-based SQL Injection
- 442. SMTP header injection