095 – Data uniqueness not properly verified

Description

The application does not properly validate the uniqueness of the data, allowing an attacker to reuse or regenerate information that should be valid for one use only.

Impact

Lead to different vulnerabilities by abusing the misconfigured feature.

Recommendation

Implement validations to ensure that the data cannot be reused nor regenerated if the application requires a unique value.

Threat

Authenticated attacker from the Internet.

Expected Remediation Time

45 minutes.

Score 4.0

Default score using CVSS 4.0. It may change depending on the context of the src.

Base 4.0

• Attack vector: N
• Attack complexity: L
• Attack Requirements: N
• Privileges required: L
• User interaction: N
• Confidentiality (VC): N
• Integrity (VI): L
• Availability (VA): L
• Confidentiality (SC): N
• Integrity (SI): N
• Availability (SA): N

Threat 4.0

• Exploit maturity: X

Requirements

• 134 - Store passwords with salt
• 135 - Passwords with random salt
• 185 - Encrypt sensitive information
• 227 - Display access notification
• 229 - Request access credentials
• 264 - Request authentication
• 300 - Mask sensitive data

Fixes

• Csharp
• Dart
• Elixir
• Go
• Java
• Php
• Python
• Ruby
• Scala
• Typescript

Last updated

2024/02/12