Difference between revisions of "IoT Attack Surface Area - Administrative Interface"
Craig Smith (Created page with "* Administrative Interface ** Weak Password Policy ** Lack of Account Lockout *** Credentials")
Craig Smith
(3 intermediate revisions by the same user not shown)
| Line 1: | Line 1: | ||
| − | * | + | The goal of this page is |
| − | ** Weak | + | |
| − | * | + | {| border="1" class="wikitable" style="text-align: left" |
| − | ** | + | ! Attack Surface |
| + | ! Vulnerability | ||
| + | ! Data Type | ||
| + | |- | ||
| + | | '''Ecosystem Access Control''' | ||
| + | | | ||
| + | * Implicit trust between components | ||
| + | * Enrollment security | ||
| + | * Decommissioning system | ||
| + | * Lost access procedures | ||
| + | | | ||
| + | * Test | ||
| + | |- | ||
| + | | '''Device Memory''' | ||
| + | | | ||
| + | * Cleartext usernames | ||
| + | * Cleartext passwords | ||
| + | * Third-party credentials | ||
| + | * Encryption keys | ||
| + | | | ||
| + | * Test | ||
| + | |- | ||
| + | | '''Device Physical Interfaces''' | ||
| + | | | ||
| + | * Firmware extraction | ||
| + | * User CLI | ||
| + | * Admin CLI | ||
| + | * Privilege escalation | ||
| + | * Reset to insecure state | ||
| + | | | ||
| + | * Test | ||
| + | |- | ||
| + | | '''Device Web Interface''' | ||
| + | | | ||
| + | * SQL injection | ||
| + | * Cross-site scripting | ||
| + | * Username enumeration | ||
| + | * Weak passwords | ||
| + | * Account lockout | ||
| + | * Known credentials | ||
| + | | | ||
| + | * Test | ||
| + | |- | ||
| + | |} | ||
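Review bot: every row's Data Type cell holds only the placeholder "* Test", and the introduction "The goal of this page is" stops mid-sentence; finish the sentence and replace the placeholders with the data each surface exposes (the Device Memory row already names cleartext credentials and encryption keys, so that column should say what is at risk, not "Test") or drop the column until it is filled. The page title names the Administrative Interface, and the original revision listed "Weak Password Policy" and "Lack of Account Lockout" under it, but no row in the new table carries that surface; either add an "Administrative Interface" row or rename the page to match the table.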
Latest revision as of 19:12, 7 August 2015
The goal of this page is
| Attack Surface | Vulnerability | Data Type |
|---|---|---|
| Ecosystem Access Control | Implicit trust between components<br>Enrollment security<br>Decommissioning system<br>Lost access procedures | Test |
| Device Memory | Cleartext usernames<br>Cleartext passwords<br>Third-party credentials<br>Encryption keys | Test |
| Device Physical Interfaces | Firmware extraction<br>User CLI<br>Admin CLI<br>Privilege escalation<br>Reset to insecure state | Test |
| Device Web Interface | SQL injection<br>Cross-site scripting<br>Username enumeration<br>Weak passwords<br>Account lockout<br>Known credentials | Test |
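The Device Web Interface row lists username enumeration, weak passwords, account lockout and known credentials side by side because they are usually found together in one login handler. The following is an added example, not OWASP's or any vendor's code: a toy login handler for a device web interface in its vulnerable form beside a hardened one. The account names, the sample password, the PBKDF2 round count, the lockout thresholds and the blocklist of factory-default passwords are all assumptions chosen for illustration.

```python
"""Added example (not OWASP's own code) for the Device Web Interface row:
a toy login handler in a vulnerable form and a hardened form, covering
username enumeration, weak/known passwords and missing account lockout.
Account names, passwords, thresholds and the blocklist are assumptions."""
import hashlib
import hmac
import os
import time

PBKDF2_ROUNDS = 10_000  # kept low so the example runs quickly; use far more in production


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def make_store(users: dict) -> dict:
    """Build a constructed credential store: username -> (salt, pbkdf2 digest)."""
    store = {}
    for user, password in users.items():
        salt = os.urandom(16)
        store[user] = (salt, _hash(password, salt))
    return store


# Constructed blocklist of factory-default passwords commonly shipped on devices.
KNOWN_DEFAULT_PASSWORDS = {"admin", "password", "12345", "root", "1234"}
MIN_PASSWORD_LEN = 12


def password_acceptable(password: str) -> bool:
    """Reject known defaults and short passwords ('Weak passwords', 'Known credentials')."""
    return len(password) >= MIN_PASSWORD_LEN and password.lower() not in KNOWN_DEFAULT_PASSWORDS


class VulnerableLogin:
    """Distinct error messages reveal which usernames exist, and nothing
    counts failures, so the password can be guessed without limit."""

    def __init__(self, store: dict):
        self.store = store

    def login(self, user: str, password: str) -> str:
        if user not in self.store:
            return "unknown user"       # tells the attacker the name is invalid
        salt, digest = self.store[user]
        if _hash(password, salt) != digest:
            return "wrong password"     # tells the attacker the name is valid
        return "ok"


class HardenedLogin:
    """Uniform error message, constant-cost check for unknown users, and a
    per-account lockout after MAX_FAILURES consecutive failures."""

    MAX_FAILURES = 5
    LOCKOUT_SECONDS = 300

    def __init__(self, store: dict, clock=time.monotonic):
        self.store = store
        self.clock = clock                  # injectable so lockout expiry can be tested
        self.failures = {}                  # user -> (consecutive failures, locked_until)
        # Dummy credential: unknown users still pay the PBKDF2 cost, so response
        # time does not distinguish them from real accounts.
        self._dummy_salt = os.urandom(16)
        self._dummy_digest = _hash(os.urandom(16).hex(), self._dummy_salt)

    def is_locked(self, user: str) -> bool:
        count, locked_until = self.failures.get(user, (0, 0.0))
        return count >= self.MAX_FAILURES and self.clock() < locked_until

    def login(self, user: str, password: str) -> str:
        if self.is_locked(user):
            return "invalid credentials"    # same message as a bad password
        salt, digest = self.store.get(user, (self._dummy_salt, self._dummy_digest))
        match = hmac.compare_digest(_hash(password, salt), digest)
        if match and user in self.store:
            self.failures.pop(user, None)
            return "ok"
        count, locked_until = self.failures.get(user, (0, 0.0))
        if count >= self.MAX_FAILURES:      # an expired lockout starts a fresh count
            count = 0
        count += 1
        locked_until = self.clock() + self.LOCKOUT_SECONDS if count >= self.MAX_FAILURES else 0.0
        self.failures[user] = (count, locked_until)
        return "invalid credentials"


if __name__ == "__main__":
    store = make_store({"admin": "correct-horse-battery"})
    print(VulnerableLogin(store).login("nobody", "x"))   # unknown user
    print(HardenedLogin(store).login("nobody", "x"))     # invalid credentials
```

Two caveats a tester should keep in mind. A per-account lockout is itself an attack surface on a device with a single admin account: anyone who can reach the login page can lock the owner out, so real firmware should combine it with per-source rate limiting and an out-of-band recovery path rather than rely on it alone. The dummy hash only equalises the server-side work; if the real and dummy code paths differ elsewhere (a database round trip, a different redirect), timing can still enumerate users, which is exactly what a test for this row should measure.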