
436 Security controls bypass or absence - Fingerprint


Description

It is possible to perform actions that circumvent the identification of the customer by means of their fingerprint.


Impact

- Log in to the allied portal as any user.
- Approve or reject a user's transactions.


Recommendation

Put in place a strong authentication process for every resource with business-critical functionality, and ensure that every user attempting to access it is logged in.


Threat

Anonymous attacker with access to the victim's device.


Expected Remediation Time

450 minutes.


Score 4.0

Default score using CVSS 4.0. It may change depending on the context of the src.

Base 4.0

  • Attack vector: P
  • Attack complexity: H
  • Attack requirements: N
  • Privileges required: N
  • User interaction: N
  • Confidentiality (VC): L
  • Integrity (VI): L
  • Availability (VA): N
  • Confidentiality (SC): N
  • Integrity (SI): N
  • Availability (SA): N

Threat 4.0

  • Exploit maturity: A

Requirements


Fixes


Last updated

2024/02/21