logo

Database

Data uniqueness not properly verified

Description

The application does not properly validate the uniqueness of the data, allowing an attacker to reuse or regenerate information that should be valid for one use only.

Impact

Lead to different vulnerabilities by abusing the misconfigured feature.

Recommendation

Implement validations to ensure that the data cannot be reused nor regenerated if the application requires a unique value.

Threat

Authenticated attacker from the Internet.

Expected Remediation Time

⏱️ 45 minutes.

Requirements

134 - Store passwords with salt135 - Passwords with random salt185 - Encrypt sensitive information227 - Display access notification229 - Request access credentials264 - Request authentication300 - Mask sensitive data

Fixes

CsharpDartElixirGoJavaPhpPythonRubyScalaTypescript

Score

Default score using CVSS 4.0. It may change depending on the context of the src.

Base 4.0

Attack vector

N

Attack complexity

L

Attack requirements

N

Privileges required

L

User interaction

N

Confidentiality (VC)

N

Integrity (VI)

L

Availability (VA)

L

Confidentiality (SC)

N

Integrity (SI)

N

Availability (SA)

N

Threat 4.0

Exploit maturity

X

Vector string

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N