
Difference between revisions of "IoT Attack Surface Area - Administrative Interface"

From OWASP
Line 1: Line 1:
* Vulnerabiities
+
The goal of this page is
** Weak Password Policy
+
 
** Lack of Account Lockout
+
{| border="1" class="wikitable" style="text-align: left"
* Data Type
+
! Attack Surface
** Credentials
+
! Vulnerability
 +
! Data Type
 +
|-
 +
| '''Ecosystem Access Control'''
 +
|
 +
* Implicit trust between components
 +
* Enrollment security
 +
* Decommissioning system
 +
* Lost access procedures
 +
|
 +
* Test
 +
|-
 +
| '''Device Memory'''
 +
|
 +
* Cleartext usernames
 +
* Cleartext passwords
 +
* Third-party credentials
 +
* Encryption keys
 +
|
 +
* Test
 +
|-
 +
| '''Device Memory'''
 +
|
 +
* Cleartext usernames
 +
* Cleartext passwords
 +
* Third-party credentials
 +
* Encryption keys
 +
|
 +
* Test
 +
|-
 +
|}
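Review bot: the removed lines at the top of the hunk (Weak Password Policy, Lack of Account Lockout, Credentials) were the only entries that matched this page's title, and the added table replaces them with rows for Ecosystem Access Control and Device Memory, so the page no longer describes the administrative interface; restore those entries as an Administrative Interface row or move the new rows to a page whose title covers them. Within the added table, the intro line "The goal of this page is" is left unfinished, the '''Device Memory''' row is entered twice with identical bullets, every Data Type cell holds the placeholder "* Test", and the final "|-" before "|}" opens an empty row. Finish the sentence, drop the duplicate row and the stray "|-", and replace "Test" with the actual data types before saving.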

Revision as of 19:07, 7 August 2015

The goal of this page is

Attack Surface: Ecosystem Access Control
  Vulnerability:
    • Implicit trust between components
    • Enrollment security
    • Decommissioning system
    • Lost access procedures
  Data Type:
    • Test

Attack Surface: Device Memory
  Vulnerability:
    • Cleartext usernames
    • Cleartext passwords
    • Third-party credentials
    • Encryption keys
  Data Type:
    • Test

Attack Surface: Device Memory
  Vulnerability:
    • Cleartext usernames
    • Cleartext passwords
    • Third-party credentials
    • Encryption keys
  Data Type:
    • Test