Introduction

Vulnerabilities

This is a standardization of the set of vulnerabilities that serve as a basis for the security analysis performed by Fluid Attacks. This is an ever-evolving effort as new types arise every day.

Index

Access Subversion

• 005. Privilege escalation
• 006. Authentication mechanism absence or evasion
• 007. Cross-site request forgery
• 013. Insecure object reference
• 018. Improper authentication for shared folders
• 024. Unrestricted access between network segments - AWS
• 027. Insecure file upload
• 031. Excessive privileges - AWS
• 039. Improper authorization control for web services
• 042. Insecurely generated cookies
• 051. Cracked weak credentials
• 056. Anonymous connection
• 057. Asymmetric denial of service - Content length
• 062. Concurrent sessions
• 068. Insecure session expiration time
• 075. Unauthorized access to files - APK Content Provider
• 076. Insecure session management
• 081. Lack of multi-factor authentication
• 115. Security controls bypass or absence
• 126. Lack of isolation methods
• 128. Insecurely generated cookies - HttpOnly
• 129. Insecurely generated cookies - SameSite
• 130. Insecurely generated cookies - Secure
• 157. Unrestricted access between network segments
• 158. Unrestricted access between network segments - Azure AD
• 159. Excessive privileges
• 160. Excessive privileges - Temporary Files
• 163. Insecure digital certificates
• 201. Unauthorized access to files
• 202. Unauthorized access to files - Debug APK
• 203. Unauthorized access to files - S3 Bucket
• 205. Insufficient Physical Access Controls
• 206. Security controls bypass or absence - Anti hooking
• 207. Security controls bypass or absence - SSLPinning
• 208. Security controls bypass or absence - Antivirus
• 209. Security controls bypass or absence - Emulator
• 210. Security controls bypass or absence - Facial Recognition
• 212. Security controls bypass or absence - Cloudflare
• 240. Authentication mechanism absence or evasion - OTP
• 241. Authentication mechanism absence or evasion - AWS
• 242. Authentication mechanism absence or evasion - WiFi
• 243. Authentication mechanism absence or evasion - Admin Console
• 244. Authentication mechanism absence or evasion - BIOS
• 279. Root detection control bypass
• 280. Session Fixation
• 286. Insecure object reference - Personal information
• 287. Insecure object reference - Corporate information
• 288. Insecure object reference - Financial information
• 295. Insecure session management - Change Password
• 298. Authentication mechanism absence or evasion - Redirect
• 299. Authentication mechanism absence or evasion - JFROG
• 300. Authentication mechanism absence or evasion - Azure
• 301. Concurrent sessions control bypass
• 305. Security controls bypass or absence - Data creation
• 306. Insecure object reference - Files
• 307. Insecure object reference - Data
• 310. Unauthorized access to screen
• 311. Unrestricted access between network segments - JSch
• 325. Excessive privileges - Wildcards
• 328. Insecure object reference - Session management
• 337. Insecure session management - CSRF Fixation
• 345. Security controls bypass or absence - Session Invalidation
• 346. Excessive privileges - Mobile App
• 348. Insecure digital certificates - Lifespan
• 350. Insecure digital certificates - Chain of trust
• 354. Insecure file upload - Files Limit
• 368. Unrestricted access between network segments - StrictHostKeyChecking
• 369. Insecure object reference - User deletion
• 370. Authentication mechanism absence or evasion - Security Image
• 374. Security controls bypass or absence - Debug Protection
• 375. Security controls bypass or absence - Tampering Protection
• 376. Security controls bypass or absence - Reversing Protection
• 436. Security controls bypass or absence - Fingerprint

Data Manipulation

• 098. External control of file name or path
• 103. Insufficient data authenticity validation - APK signing
• 111. Out-of-bounds read
• 123. Local file inclusion
• 204. Insufficient data authenticity validation
• 327. Insufficient data authenticity validation - Images
• 355. Insufficient data authenticity validation - Checksum verification
• 377. Insufficient data authenticity validation - Device Binding
• 383. Insecurely generated token - OTP
• 389. Insufficient data authenticity validation - JAR signing

Deceptive Interactions

• 023. Uncontrolled external site redirect - Host Header Injection
• 032. Spoofing
• 078. Insecurely generated token
• 084. MDNS spoofing
• 086. Missing subresource integrity check
• 097. Reverse tabnabbing
• 100. Server-side request forgery (SSRF)
• 114. Phishing
• 156. Uncontrolled external site redirect
• 182. Email spoofing
• 309. Insecurely generated token - JWT
• 318. Insecurely generated token - Validation
• 322. Insecurely generated token - Lifespan
• 360. Clickjacking
• 408. Traceability Loss - API Gateway

Functionality Abuse

• 002. Asymmetric denial of service
• 003. Symmetric denial of service
• 014. Insecure functionality
• 033. Password change without identity check
• 048. Lack of root detection
• 055. Insecure service configuration - ADB Backups
• 058. Debugging enabled in production - APK
• 060. Insecure service configuration - Host verification
• 061. Remote File Inclusion
• 064. Traceability loss - Server's clock
• 065. Cached form fields
• 067. Improper resource allocation
• 070. Insecure service configuration - ELB
• 072. Duplicate code
• 073. Improper authorization control for web services - RDS
• 079. Non-upgradable dependencies
• 087. Account lockout
• 088. Privacy violation
• 093. Hidden fields manipulation
• 095. Data uniqueness not properly verified
• 101. Lack of protection against deletion
• 102. Email uniqueness not properly verified
• 108. Improper control of interaction frequency
• 109. Unrestricted access between network segments - RDS
• 110. HTTP request smuggling
• 113. Improper type assignation
• 117. Unverifiable files
• 118. Regulation infringement
• 120. Improper dependency pinning
• 122. Email flooding
• 124. Race condition
• 138. Inappropriate coding practices
• 140. Insecure exceptions - Empty or no catch
• 143. Inappropriate coding practices - Eval function
• 145. Inappropriate coding practices - Cyclomatic complexity
• 164. Insecure service configuration
• 165. Insecure service configuration - AWS
• 166. Insecure service configuration - Kerberoast
• 167. Insecure service configuration - Wireless Certificates
• 168. Insecure service configuration - Keystore
• 169. Insecure service configuration - Keys
• 170. Insecure service configuration - Antivirus
• 171. Insecure service configuration - Firewall
• 172. Insecure service configuration - App Backup
• 173. Insecure service configuration - Backup
• 174. Insecure service configuration - Backdoor
• 175. Insecure service configuration - DNS
• 176. Insecure service configuration - SSH
• 177. Insecure service configuration - Security Groups
• 178. Insecure service configuration - RDP
• 179. Insecure service configuration - SMB
• 180. Insecure service configuration - SMTP
• 181. Insecure service configuration - DynamoDB
• 183. Debugging enabled in production
• 200. Traceability loss
• 211. Asymmetric denial of service - ReDoS
• 231. Message flooding
• 233. Incomplete funcional code
• 255. Insecure functionality - Pass the hash
• 256. Lack of protection against deletion - RDS
• 257. Lack of protection against deletion - EC2
• 258. Lack of protection against deletion - ELB
• 259. Lack of protection against deletion - DynamoDB
• 260. Insecure Binary compilation
• 267. Excessive Privileges - Kubernetes
• 268. Insecure service configuration - Webview
• 270. Insecure functionality - File Creation
• 271. Insecure functionality - Password management
• 272. Insecure functionality - Masking
• 273. Insecure functionality - Fingerprint
• 278. Insecure exceptions - NullPointerException
• 285. Insecure service configuration - App Transport Security
• 293. Insecure service configuration - Key pair
• 294. Insecure service configuration - OTP
• 302. Insecure functionality - Session management
• 304. Inappropriate coding practices - Performance
• 308. Enabled default configuration
• 312. Insecure service configuration - Signatures
• 313. Insecure service configuration - Certificates
• 314. Insecure service configuration - DB
• 315. Insecure service configuration - CloudDB
• 316. Improper resource allocation - Buffer overflow
• 317. Improper resource allocation - Memory leak
• 319. Insecure service configuration - Roles
• 320. Insecure service configuration - LDAP
• 324. Insecure functionality - User management
• 333. Insecure service configuration - EC2
• 334. Insecure service configuration - IAM
• 335. Insecure service configuration - Bucket
• 338. Insecure service configuration - Salt
• 339. Insecure service configuration - Request Validation
• 343. Insecure service configuration - BREACH Attack
• 347. Insecure service configuration - Task Hijacking
• 352. Insecure service configuration - Non Masked Variables
• 356. Symmetric denial of service - SMTP
• 357. Symmetric denial of service - FTP
• 358. Insecure service configuration - DocumentBuilderFactory
• 366. Inappropriate coding practices - Transparency Conflict
• 379. Inappropriate coding practices - Unnecessary imports
• 380. Supply Chain Attack - Docker
• 381. Supply Chain Attack - Terraform
• 382. Insufficient data authenticity validation - Front bypass
• 384. Inappropriate coding practices - Wildcard export
• 386. Cross-Site Leak - Frame Counting
• 387. Insecure service configuration - Object Reutilization
• 391. Inappropriate coding practices - Unused properties
• 392. Security controls bypass or absence - Firewall
• 393. Use of software with known vulnerabilities in development
• 394. Insufficient data authenticity validation - Cloudtrail Logs
• 395. Insecure generation of random numbers - Static IV
• 396. Insecure service configuration - KMS
• 398. Fragment Injection
• 399. Security controls absence - Monitoring
• 400. Traceability Loss - AWS
• 401. Insecure service configuration - AKV Secret Expiration
• 402. Traceability Loss - Azure
• 403. Insecure service configuration - usesCleartextTraffic
• 404. OS Command Injection
• 405. Excessive privileges - Access Mode
• 410. Dependency Confusion
• 411. Insecure encryption algorithm - Default encryption
• 412. Lack of protection against deletion - Azure Key Vault
• 413. Insecure file upload - DLL Injection
• 414. Insecure service configuration - Header Checking
• 415. Insecure service configuration - Container level access policy
• 416. XAML injection
• 417. Account Takeover
• 418. Insecure service configuration - Docker
• 419. Traceability Loss - Kubernetes
• 420. Password reset poisoning
• 423. Inappropriate coding practices - System exit
• 426. Supply Chain Attack - Kubernetes
• 428. Inappropriate coding practices - invalid file
• 431. Supply Chain Attack - NPM
• 432. Inappropriate coding practices - relative path command
• 437. Supply Chain Attack - GitHub Actions

Information Collection

• 009. Sensitive information in source code
• 011. Use of software with known vulnerabilities
• 016. Insecure encryption algorithm - SSL/TLS
• 017. Sensitive information sent insecurely
• 019. Administrative credentials stored in cache memory
• 020. Non-encrypted confidential information
• 022. Use of an insecure channel
• 025. Call interception
• 026. User enumeration
• 028. Insecure temporary files
• 030. Sensitive information sent via URL parameters
• 036. ViewState not encrypted
• 037. Technical information leak
• 038. Business information leak
• 040. Exposed web services
• 046. Missing secure obfuscation - APK
• 047. Automatic information enumeration
• 052. Insecure encryption algorithm
• 054. Exposed administrative services
• 059. Sensitive information stored in logs
• 066. Technical information leak - Console functions
• 069. Weak CAPTCHA
• 080. Business information leak - Customers or providers
• 082. Insecurely deleted files
• 085. Sensitive data stored in client-side storage
• 092. Insecure encryption algorithm - Anonymous cipher suites
• 094. Insecure encryption algorithm - Cipher Block Chaining
• 099. Non-encrypted confidential information - S3 Server Side Encryption
• 116. XS-Leaks
• 119. Metadata with sensitive information
• 125. Directory listing
• 133. Insecure encryption algorithm - Perfect Forward Secrecy
• 142. Sensitive information in source code - API Key
• 147. Insecure encryption algorithm - SSLContext
• 148. Use of an insecure channel - FTP
• 149. Use of an insecure channel - SMTP
• 150. Use of an insecure channel - useSslProtocol()
• 151. Use of an insecure channel - Telnet
• 161. Missing secure obfuscation
• 162. Missing secure obfuscation - binary
• 213. Business information leak - JWT
• 214. Business information leak - Credentials
• 215. Business information leak - Repository
• 216. Business information leak - Source Code
• 217. Business information leak - Credit Cards
• 218. Business information leak - Network Unit
• 219. Business information leak - Redis
• 220. Business information leak - Token
• 221. Business information leak - Users
• 222. Business information leak - DB
• 223. Business information leak - JFROG
• 224. Business information leak - AWS
• 225. Business information leak - Azure
• 226. Business information leak - Personal Information
• 227. Business information leak - NAC
• 228. Business information leak - Analytics
• 229. Business information leak - Power BI
• 230. Business information leak - Firestore
• 232. Technical information leak - Angular
• 234. Technical information leak - Stacktrace
• 235. Technical information leak - Headers
• 236. Technical information leak - SourceMap
• 237. Technical information leak - Print Functions
• 238. Technical information leak - API
• 239. Technical information leak - Errors
• 245. Non-encrypted confidential information - Credit Cards
• 246. Non-encrypted confidential information - DB
• 247. Non-encrypted confidential information - AWS
• 248. Non-encrypted confidential information - LDAP
• 249. Non-encrypted confidential information - Credentials
• 250. Non-encrypted hard drives
• 251. Non-encrypted confidential information - JFROG
• 252. Automatic information enumeration - Open ports
• 253. Automatic information enumeration - AWS
• 254. Automatic information enumeration - Credit Cards
• 261. Insecure encryption algorithm - DSA
• 262. Insecure encryption algorithm - SHA1
• 263. Insecure encryption algorithm - MD5
• 264. Insecure encryption algorithm - TripleDES
• 265. Insecure encryption algorithm - AES
• 266. Excessive Privileges - Docker
• 269. Insecure encryption algorithm - Blowfish
• 275. Non-encrypted confidential information - Local data
• 276. Sensitive information sent via URL parameters - Session
• 281. Use of an insecure channel - AWS
• 282. Insecure encryption algorithm - ECB
• 283. Automatic information enumeration - Personal Information
• 284. Non-encrypted confidential information - Base 64
• 289. Technical information leak - Logs
• 290. Technical information leak - IPs
• 291. Business information leak - Financial Information
• 326. Sensitive information in source code - Dependencies
• 331. User Enumeration - Wordpress
• 332. Use of insecure channel - Source code
• 336. Business information leak - Corporate information
• 342. Technical information leak - Alert
• 349. Technical information leak - Credentials
• 351. Automatic information enumeration - Corporate information
• 359. Sensitive information in source code - Credentials
• 367. Sensitive information in source code - Git history
• 372. Use of an insecure channel - HTTP
• 373. Use of an insecure channel - Oracle Database
• 378. Non-encrypted confidential information - Hexadecimal
• 385. Non-encrypted confidential information - Keys
• 406. Non-encrypted confidential information - EFS
• 407. Non-encrypted confidential information - EBS Volumes
• 409. Non-encrypted confidential information - DynamoDB
• 421. Insecure encryption algorithm - Insecure Elliptic Curve
• 427. Use of an insecure channel - Docker
• 433. Non-encrypted confidential information - Redshift Cluster
• 435. Use of software with known vulnerabilities in environments
• 439. Sensitive information in source code - IP
• 441. Non-encrypted confidential information - Azure

Probabilistic Techniques

• 034. Insecure generation of random numbers
• 035. Weak credential policy
• 041. Enabled default credentials
• 050. Guessed weak credentials
• 053. Lack of protection against brute force attacks
• 277. Weak credential policy - Password Expiration
• 296. Weak credential policy - Password Change Limit
• 330. Lack of protection against brute force attacks - Credentials

Protocol Manipulation

• 015. Insecure authentication method - Basic
• 043. Insecure or unset HTTP headers - Content-Security-Policy
• 044. Insecure HTTP methods enabled
• 071. Insecure or unset HTTP headers - Referrer-Policy
• 131. Insecure or unset HTTP headers - Strict Transport Security
• 132. Insecure or unset HTTP headers - X-Content-Type-Options
• 134. Insecure or unset HTTP headers - CORS
• 135. Insecure or unset HTTP headers - X-XSS Protection
• 136. Insecure or unset HTTP headers - Cache Control
• 137. Insecure or unset HTTP headers - X-Permitted-Cross-Domain-Policies
• 152. Insecure or unset HTTP headers - X-Frame Options
• 153. Insecure or unset HTTP headers - Accept
• 329. Insecure or unset HTTP headers - Content-Type
• 388. Insecure authentication method - NTLM
• 397. Insecure authentication method - LDAP
• 440. Insecure or unset HTTP headers - Permissions-Policy

System Manipulation

• 029. Inadequate file size control
• 077. ARP spoofing
• 091. Log injection
• 104. USB flash drive attacks
• 424. Sideloaded

Unexpected Injection

• 001. SQL injection - C Sharp SQL API
• 004. Remote command execution
• 008. Reflected cross-site scripting (XSS)
• 010. Stored cross-site scripting (XSS)
• 012. SQL injection - Java Persistence API
• 021. XPath injection
• 045. HTML code injection
• 063. Lack of data validation - Path Traversal
• 083. XML injection (XXE)
• 089. Lack of data validation - Trust boundary violation
• 090. CSV injection
• 096. Insecure deserialization
• 105. Apache lucene query injection
• 106. NoSQL injection
• 107. LDAP injection
• 112. SQL injection - Java SQL API
• 121. HTTP parameter pollution
• 127. Lack of data validation - Type confusion
• 141. Lack of data validation - URL
• 146. SQL injection
• 154. Time-based SQL Injection
• 155. SQL Injection - Headers
• 184. Lack of data validation
• 185. Lack of data validation - Header x-amzn-RequestId
• 186. Lack of data validation - Web Service
• 187. Lack of data validation - Source Code
• 188. Lack of data validation - Modify DOM Elements
• 189. Lack of data validation - Content Spoofing
• 190. Lack of data validation - Session Cookie
• 191. Lack of data validation - Responses
• 192. Lack of data validation - Reflected Parameters
• 193. Lack of data validation - Host Header Injection
• 194. Lack of data validation - Input Length
• 195. Lack of data validation - Headers
• 196. Lack of data validation - Dates
• 197. Lack of data validation - Numbers
• 198. Lack of data validation - Out of range
• 199. Lack of data validation - Emails
• 274. Restricted fields manipulation
• 297. SQL injection - Code
• 321. Lack of data validation - HTML code
• 323. XML injection (XXE) - Unmarshaller
• 340. Lack of data validation - Special Characters
• 341. Lack of data validation - OTP
• 344. Lack of data validation - Non Sanitized Variables
• 353. Lack of data validation - Token
• 361. Missing secure obfuscation - JavaScript
• 362. Technical information leak - Content response
• 363. Weak credential policy - Password strength
• 364. Weak credential policy - Temporary passwords
• 365. Authentication mechanism absence or evasion - Response tampering
• 371. DOM-Based cross-site scripting (XSS)
• 390. Prototype Pollution
• 422. Server side template injection
• 425. Server side cross-site scripting
• 429. Universal cross-site scripting (UXSS)
• 430. Serverless - one dedicated IAM role per function
• 434. Client-side template injection
• 438. Error-based SQL Injection
• 442. SMTP header injection

free trial

Search for vulnerabilities in your apps for free with our automated security testing! Start your 21-day free trial and discover the benefits of our Continuous Hacking Machine Plan. If you prefer a full service that includes the expertise of our ethical hackers, don't hesitate to contact us for our Continuous Hacking Squad Plan.