Insufficient data authenticity validation - Front bypass
Description
The credentials policy present in the system warns that these cannot be consecutive and/or repeated numbers, however this validation is only done in the front end of the application, so it is possible to modify the password from the same request and assign a key that goes against the policies.
Impact
Bypass security policies assigned for user keys.
Recommendation
The key creation policy must be validated on both the front and back ends of the application.
Threat
Attacker without credentials from the Internet.
Expected Remediation Time
⏱️ 60 minutes.
Score
Default score using CVSS 4.0. It may change depending on the context of the src.
Base 4.0
Attack vector
N
Attack complexity
L
Attack requirements
N
Privileges required
N
User interaction
N
Confidentiality (VC)
N
Integrity (VI)
L
Availability (VA)
N
Confidentiality (SC)
N
Integrity (SI)
N
Availability (SA)
N
Threat 4.0
Exploit maturity
X
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N