375 – Security controls bypass or absence - Tampering Protection

Description

The application has no control to ensure that a third party has not modified and recompiled the application, allowing to modify and evade validations such as the detection of a root user on the device.

Impact

Elude application validations.

Recommendation

Perform validations on the server during the entire application process.

Threat

Authorized attacker from the Internet.

Expected Remediation Time

450 minutes.

Score 4.0

Default score using CVSS 4.0. It may change depending on the context of the src.

Base 4.0

• Attack vector: N
• Attack complexity: L
• Attack Requirements: N
• Privileges required: L
• User interaction: N
• Confidentiality (VC): N
• Integrity (VI): L
• Availability (VA): N
• Confidentiality (SC): N
• Integrity (SI): N
• Availability (SA): N

Threat 4.0

• Exploit maturity: X

Requirements

• 062 - Define standard configurations
• 266 - Disable insecure functionalities

Fixes

• Go
• Java
• Ruby
• Scala

Last updated

2024/02/20