Insecure functionality | Fluid Attacks Database

Database

Description

A functionality that is part of the system can be leveraged by an attacker in order to negatively impact it.

Impact

Change the password after the security code has been compromised.

Recommendation

Validate on the server side that the answers to the questions are correct.

Threat

Any customer of the organization authorized from the Internet.

Expected Remediation Time

⏱️ 60 minutes.

Requirements

266 - Disable insecure functionalities

Rules

Go Dynamic Unsafe Reflection Php Unsafe Reflection Dynamic Call Scala Dynamic Unsafe Reflection Java Code Download Without Validation Java Unsafe Object Binding Kotlin Expression Language Injection Javascript Manual Csrf Token Handling Fetch Python Untrusted Pickle File Deserialization Javascript Manual Csrf Token Handling Xhr C Sharp Dynamic Unsafe Reflection Javascript Manual Csrf Token Handling Ajax Java User Input Xquery Injection Javascript Manual Csrf Token Handling Axios Scala Expression Language Injection Python User Controlled Dynamic Import Ruby Unsafe Input Resource Injection Dart Mirrors Unsafe Reflection Kotlin Class Unsafe Reflection Typescript Manual Csrf Token Handling Ajax Typescript Manual Csrf Token Handling Fetch Ruby Rails Mass Assignment Python Markup Safe User Input Typescript Manual Csrf Token Handling Axios Typescript Manual Csrf Token Handling Xhr

Fixes

Csharp Dart Go Java Php Python Ruby Scala Swift