Article Directory
- 1. [Low risk] Unencrypted connection
- 2. [Low risk] Weak SSL encryption (host vulnerability)
- 3. [Low risk] Cookie missing HttpOnly flag (Cookie(s) without HttpOnly flag set)
- 4. [Low risk] Cookie missing Secure flag (Cookie(s) without Secure flag set)
- 5. [Low risk] X-Frame-Options header not configured (Clickjacking: X-Frame-Options header missing)
- 6. [Low risk] Cleartext password field (login request over an HTTP connection)
- 7. [Low risk] Sensitive directory
1. [Low risk] Unencrypted connection
Vulnerability description
The target is reached over an unencrypted (plain HTTP) connection. An attacker positioned on the network path can intercept and modify the data the site sends and receives.
Impact
Possible disclosure of sensitive information.
Evidence
Capture the traffic with Burp Suite; the HTTP history shows the requests being sent over plain HTTP.
Suggested fix
The site should send and receive all data over an encrypted (HTTPS) connection.
2. [Low risk] Weak SSL encryption (host vulnerability)
Vulnerability description
The TLS (SSL) service accepts weak cipher suites. The problem is the server's cipher configuration, not the certificate itself: an attacker who captures the traffic can attack the weak cipher (3DES, for example, is subject to the SWEET32 birthday attack) and recover sensitive information.
Impact
An attacker can attack the weak cipher suites the server negotiates and recover sensitive information from the encrypted traffic.
Evidence
Verified with the Nmap ssl-enum-ciphers script (replace 3389 with the port of the TLS service under test, e.g. 443 for HTTPS):
nmap -p 3389 --script ssl-enum-ciphers www.xxxx.com
As shown in the figure, the server negotiates 3DES cipher suites and the script reports a least strength of C.
Suggested fix
Configure the server to offer only strong cipher suites (disable 3DES, RC4, NULL and export-grade suites; prefer AES-GCM with ECDHE key exchange) and disable SSLv3, TLS 1.0 and TLS 1.1. Re-run the scan and confirm the reported least strength is A.
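The script below is an added example, not part of the original report and not an nmap component: it parses the text that ssl-enum-ciphers prints, lists every suite graded below A or matching a known-weak marker (3DES, RC4, NULL, EXPORT, MD5, anonymous key exchange), flags deprecated protocol versions, and tells you whether the host would pass the "least strength A" bar from the fix above. The nmap output embedded in it is constructed for the example, not a real scan result.

```python
import re

# Constructed sample of ssl-enum-ciphers output (not a real scan): one strong
# ECDHE/AES-GCM suite, plus 3DES and RC4 suites that pull the grade down to C.
SAMPLE_NMAP_OUTPUT = """\
PORT     STATE SERVICE
443/tcp  open  https
| ssl-enum-ciphers:
|   TLSv1.0:
|     ciphers:
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
|       TLS_RSA_WITH_RC4_128_SHA (rsa 2048) - C
|     compressors:
|       NULL
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
|     compressors:
|       NULL
|     cipher preference: server
|     warnings:
|       64-bit block cipher 3DES vulnerable to SWEET32 attack
|_  least strength: C
"""

PROTOCOL_RE = re.compile(r"^\|\s+(SSLv\d|TLSv1\.\d):\s*$")
CIPHER_RE = re.compile(r"^\|\s+(TLS_[A-Za-z0-9_]+)\s+\(([^)]*)\)\s+-\s+([A-F])\s*$")
STRENGTH_RE = re.compile(r"^\|_?\s+least strength:\s+([A-F])\s*$")

# Substrings that mark a suite as weak regardless of the letter grade nmap gives it.
WEAK_MARKERS = ("NULL", "EXPORT", "_DES_", "3DES", "RC4", "MD5", "anon")
DEPRECATED_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1.0", "TLSv1.1"}


def parse_ssl_enum_ciphers(text):
    """Return (ciphers, least_strength) parsed from ssl-enum-ciphers output.

    ciphers is a list of dicts with keys protocol, name, kex and grade."""
    ciphers, least, protocol = [], None, None
    for line in text.splitlines():
        m = PROTOCOL_RE.match(line)
        if m:
            protocol = m.group(1)  # the suites that follow belong to this version
            continue
        m = CIPHER_RE.match(line)
        if m:
            ciphers.append({"protocol": protocol, "name": m.group(1),
                            "kex": m.group(2), "grade": m.group(3)})
            continue
        m = STRENGTH_RE.match(line)
        if m:
            least = m.group(1)
    return ciphers, least


def weak_ciphers(ciphers):
    """Suites graded below A, or whose name carries a known-weak marker."""
    return [c for c in ciphers
            if c["grade"] != "A" or any(mark in c["name"] for mark in WEAK_MARKERS)]


def deprecated_protocols(ciphers):
    """Protocol versions that should be disabled outright."""
    return sorted({c["protocol"] for c in ciphers if c["protocol"] in DEPRECATED_PROTOCOLS})


def assess(text):
    """Summarise a scan: does it meet the 'least strength A' bar, and why not."""
    ciphers, least = parse_ssl_enum_ciphers(text)
    weak = weak_ciphers(ciphers)
    old = deprecated_protocols(ciphers)
    findings = [f"{c['protocol']}: {c['name']} graded {c['grade']}" for c in weak]
    findings += [f"deprecated protocol enabled: {p}" for p in old]
    return {"least_strength": least,
            "passes": least == "A" and not weak and not old,
            "findings": findings}


if __name__ == "__main__":
    for finding in assess(SAMPLE_NMAP_OUTPUT)["findings"]:
        print(finding)
```

Pipe the real scan in with `nmap -p 443 --script ssl-enum-ciphers host > scan.txt` and call `assess(open("scan.txt").read())`; a host that still lists any finding has not met the fix above, even if nmap's overall letter happens to be A.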
3. [Low risk] Cookie missing HttpOnly flag (Cookie(s) without HttpOnly flag set)
Vulnerability description
The cookie is issued without the HttpOnly flag. When HttpOnly is set, the browser still sends the cookie to the server with every request, but does not expose it to client-side script (document.cookie). This is an important protection for session cookies.
Impact
Because the session cookie lacks the HttpOnly attribute, a script injected through an XSS flaw can read the cookie and exfiltrate its value. Anything stored in the session token can then be used to impersonate the user. Setting HttpOnly stops JavaScript from reading the cookie; it does not prevent XSS itself, but it limits what an XSS payload can steal.
Evidence
The figure shows the cookie issued by the server lacking the HttpOnly attribute:
Suggested fix
Only the name=value pair of a Set-Cookie header is mandatory; add the HttpOnly attribute to session cookies so that script cannot access them.
4. [Low risk] Cookie missing Secure flag (Cookie(s) without Secure flag set)
Vulnerability description
During testing, the session cookie issued by the application was found to lack the Secure attribute. When a cookie carries Secure, the browser sends it only over HTTPS and never over plain HTTP.
Impact
Because the session cookie lacks the Secure attribute, the browser will also send it over unencrypted HTTP, where it can be sniffed and the user's session information exposed.
Evidence
The figure shows the cookie issued by the server lacking the Secure attribute:
Suggested fix
Only the name=value pair of a Set-Cookie header is mandatory; add the Secure attribute so the cookie is transmitted only over HTTPS.
5. [Low risk] X-Frame-Options header not configured (Clickjacking: X-Frame-Options header missing)
Vulnerability description
The X-Frame-Options HTTP response header tells the browser whether the page may be rendered inside a frame, iframe, embed or object element. A site uses it to ensure its content is not embedded in other sites' pages, which defends against clickjacking.
Impact
The site's pages can be framed by other sites, so users may be subjected to clickjacking attacks.
Evidence
The figure shows the server response lacking the X-Frame-Options header:
Suggested fix
Add the X-Frame-Options header to the site's responses. It takes one of three values:
1. DENY: the page may never be displayed in a frame;
2. SAMEORIGIN: the page may only be framed by pages from the same origin;
3. ALLOW-FROM uri: the page may only be framed from the specified origin. Note that current browsers no longer honour ALLOW-FROM; when a specific third-party origin must be allowed, use the Content-Security-Policy frame-ancestors directive instead.
Apache: add "Header always append X-Frame-Options SAMEORIGIN" to the configuration. Nginx: add "add_header X-Frame-Options SAMEORIGIN;" to the server block.
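The audit below is an added example written for sections 3, 4 and 5 together; it is not code from the original report. Given a raw HTTP response (the one embedded here is constructed, not captured from a real site), it reports every cookie that lacks HttpOnly or Secure, reports a missing X-Frame-Options header or a value current browsers will not honour (ALLOW-FROM, or a duplicated header that arrives as "SAMEORIGIN, SAMEORIGIN"), and shows what the corrected Set-Cookie value looks like.

```python
# Constructed sample response: the session cookie lacks both flags, the
# preferences cookie is already correct, and X-Frame-Options is absent.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "Set-Cookie: JSESSIONID=1A2B3C4D; Path=/\r\n"
    "Set-Cookie: lang=en; Path=/; Expires=Wed, 21 Oct 2026 07:28:00 GMT; HttpOnly; Secure\r\n"
    "\r\n"
    "<html><body>hello</body></html>"
)

# Values every current browser enforces; ALLOW-FROM is deliberately not included.
VALID_XFO = {"DENY", "SAMEORIGIN"}


def parse_headers(raw):
    """Split a raw response into (status_line, [(name_lower, value), ...]).

    Headers are kept as a list, not a dict, because Set-Cookie may repeat."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return lines[0], headers


def parse_set_cookie(value):
    """Return (name, cookie_value, attrs) for one Set-Cookie value.

    attrs maps lower-cased attribute names to their value, or True for
    bare flags such as HttpOnly and Secure."""
    parts = [p.strip() for p in value.split(";")]
    name, _, cookie_value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, sep, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if sep else True
    return name.strip(), cookie_value, attrs


def audit_cookies(headers):
    """Sections 3 and 4: one finding per cookie missing HttpOnly or Secure."""
    findings = []
    for name, value in headers:
        if name != "set-cookie":
            continue
        cookie, _, attrs = parse_set_cookie(value)
        missing = [flag for flag in ("HttpOnly", "Secure") if flag.lower() not in attrs]
        if missing:
            findings.append(f"cookie {cookie} missing {', '.join(missing)}")
    return findings


def audit_frame_options(headers):
    """Section 5: header absent, or present with a value browsers will not honour."""
    values = [v for n, v in headers if n == "x-frame-options"]
    if not values:
        return ["X-Frame-Options header missing"]
    return [f"X-Frame-Options value not honoured by current browsers: {v!r}"
            for v in values if v.upper() not in VALID_XFO]


def harden_set_cookie(value):
    """Return the Set-Cookie value with HttpOnly and Secure appended if absent."""
    _, _, attrs = parse_set_cookie(value)
    out = value.rstrip().rstrip(";")
    for flag in ("HttpOnly", "Secure"):
        if flag.lower() not in attrs:
            out += f"; {flag}"
    return out


def audit_response(raw):
    """All findings for one response, in report order."""
    _, headers = parse_headers(raw)
    return audit_cookies(headers) + audit_frame_options(headers)


if __name__ == "__main__":
    for finding in audit_response(SAMPLE_RESPONSE):
        print(finding)
    print(harden_set_cookie("JSESSIONID=1A2B3C4D; Path=/"))
```

To use it on real evidence, paste the raw response from Burp's HTTP history into `audit_response`; the output maps one-to-one onto findings 3, 4 and 5 above. The header parser is intentionally minimal (no folded headers, no cookie values containing a semicolon) so the logic stays readable.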
6. [Low risk] Cleartext password field (login request over an HTTP connection)
Vulnerability description
HTTP Basic authentication is a method by which the user agent supplies a user name and password with the request, in the Authorization header, base64-encoded but not encrypted. This directory is protected by Basic authentication but served over HTTP rather than HTTPS, so the credentials travel in effectively plain text and can be read by anyone sniffing the traffic.
Impact
An attacker on the network path (man-in-the-middle, session hijacking, passive sniffing) can read the password field while it is in transit.
Evidence
Capture the login with Burp Suite; the request shows the credentials in the clear (the Authorization header decodes to user:password, or the form fields carry the password as submitted).
Suggested fix
Serve the login over HTTPS so that passwords and other sensitive fields are encrypted in transit.
7. [Low risk] Sensitive directory
Vulnerability description
The web application reveals directory names; this information helps an attacker mount further attacks on the site.
Impact
The exposed directories give an attacker information to use in reconnaissance. Once a directory is known, the attacker can enumerate the file names under it, guess other file or directory names, and try to access them; these may contain sensitive information. Collecting such information lets the attacker mount further attacks on the target.
Evidence
Request the URL directly and inspect the information returned.
Suggested fix
1. Use non-obvious directory names.
2. Set appropriate access permissions on the directories concerned.