Difference between revisions of "Discrepancy Information Leaks"

Latest revision as of 16:45, 11 April 2009

#REDIRECT:Category:Attack

Last revision (mm/dd/yy): 04/11/2009

Application reveals details about its inner working by behaving differently, or sending different responses, to different user inputs.

Attackers try to observe the internal working of the application to obtain clues of attacks.

TBD

A short example description, small picture, or sample code with links

A short example description, small picture, or sample code with links

Attack 1
Attack 2
Attacks that can take advantage of the information revealed in this vulnerability. For example, if an attacker knows whether a user name exists or not through the login response, he can accordingly change his strategy of a brute-force attack.

@@ Line 1: / Line 1: @@
-{{Template:Vulnerability}}
+{{template:CandidateForDeletion}}
-{{Template:Stub}}
+ #REDIRECT[[::Category:Attack]]
-[[Category:FIXME|This is the text from the old template. This needs to be rewritten using the new template.]]
 Last revision (mm/dd/yy): '''{{REVISIONMONTH}}/{{REVISIONDAY}}/{{REVISIONYEAR}}'''
-[[ASDR_TOC_Vulnerabilities|Vulnerabilities Table of Contents]]
-[[ASDR Table of Contents]]
-__TOC__
@@ Line 42: / Line 36: @@
 ==Related [[Vulnerabilities]]==
-*  [[Error Message Infoleaks]]
 ==Related [[Controls]]==
@@ Line 54: / Line 47: @@
 ==References==
 TBD
-[[Category:FIXME|add links
-In addition, one should classify vulnerability based on the following subcategories: Ex:<nowiki>[[Category:Error Handling Vulnerability]]</nowiki>
-Availability Vulnerability
-Authorization Vulnerability
-Authentication Vulnerability
-Concurrency Vulnerability
-Configuration Vulnerability
-Cryptographic Vulnerability
-Encoding Vulnerability
-Error Handling Vulnerability
-Input Validation Vulnerability
-Logging and Auditing Vulnerability
-Session Management Vulnerability]]
-__NOTOC__
-[[Category:OWASP ASDR Project]]