This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "IoT Attack Surface Area - Administrative Interface"

From OWASP
Jump to: navigation, search
Line 24: Line 24:
 
* Test
 
* Test
 
|-  
 
|-  
| '''Device Memory'''
+
| '''Device Physical Interfaces'''
 
|
 
|
* Cleartext usernames
+
* Firmware extraction
* Cleartext passwords
+
* User CLI
* Third-party credentials
+
* Admin CLI
* Encryption keys
+
* Privilege escalation
 +
* Reset to insecure state
 +
|
 +
* Test
 +
| '''Device Web Interface'''
 +
|
 +
* SQL injection
 +
* Cross-site scripting
 +
* Username enumeration
 +
* Weak passwords
 +
* Account lockout
 +
* Known credentials
 
|
 
|
 
* Test
 
* Test
 
|-  
 
|-  
 
|}
 
|}

Revision as of 19:11, 7 August 2015

The goal of this page is

Attack Surface Vulnerability Data Type
Ecosystem Access Control
  • Implicit trust between components
  • Enrollment security
  • Decommissioning system
  • Lost access procedures
  • Test
Device Memory
  • Cleartext usernames
  • Cleartext passwords
  • Third-party credentials
  • Encryption keys
  • Test
Device Physical Interfaces
  • Firmware extraction
  • User CLI
  • Admin CLI
  • Privilege escalation
  • Reset to insecure state
  • Test
 Device Web Interface
  • SQL injection
  • Cross-site scripting
  • Username enumeration
  • Weak passwords
  • Account lockout
  • Known credentials
  • Test
Retrieved from "https://wiki.owasp.org/index.php?title=IoT_Attack_Surface_Area_-_Administrative_Interface&oldid=198549"