Skip to content

Latest commit

 

History

History
43 lines (31 loc) · 1.91 KB

README.md

File metadata and controls

43 lines (31 loc) · 1.91 KB

A02 - Cryptographic Failures

Introduction and background

In previously OWASP lists, this vulnerability was named Sensitive Data Exposure. OWASP changed the name due to this is more a broad symptom rather than a root cause. The focus should be on failures related to cryptography (or lack thereof), which again could lead to exposure of sensitive data.

CWEs

Notable Common Weakness Enumerations (CWEs):

CVEs

Examples of CVEs :

Examples of attacker scenarios using juice shop

  • Weird Crypto - Inform the shop about an algorithm or library it should definitely not use the way it does.
    • Hint: What is known weak cryptographic algorithms?
    • Create a new juice-shop user and change password for your new user with an easy one e.g 'admin123' and observe response from /change-password (In the Firefox tool)
    • For feedback use http://<yourhost>/#/contact
  • Forged Coupon - Manipulate shopping coupon by discovering crypto algorithm.

Primary defenses