This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Pages that link to "Technical Impacts"
The following pages link to Technical Impacts:
View (previous 500 | next 500) (20 | 50 | 100 | 250 | 500)- Insecure Compiler Optimization (← links)
- Insecure Default Permissions (← links)
- Insecure Temporary File (← links)
- Insecure default variable initialization (← links)
- Insecure execution-assigned permissions (← links)
- Insecure inherited permissions (← links)
- Insecure preserved inherited permissions (← links)
- Installation Issues (← links)
- Insufficient Entropy (← links)
- Insufficient Resource Locking (← links)
- Insufficient Resource Pool (← links)
- Insufficient privileges (← links)
- J2EE Bad Practices: Sockets (← links)
- J2EE Bad Practices: System.exit() (← links)
- J2EE Bad Practices: Threads (← links)
- J2EE Bad Practices: getConnection() (← links)
- Insecure Transport (← links)
- Insufficient Session-ID Length (← links)
- Missing Error Handling (← links)
- J2EE Misconfiguration: Weak Access Permissions (← links)
- J2EE Time and State Issues (← links)
- Least Privilege Violation (← links)
- Leftover Debug Code (← links)
- Mac virtual file problems (← links)
- Memory leak (← links)
- Misinterpretation error (← links)
- Missing access control (← links)
- Missing critical step in authentication (← links)
- Missing element error (← links)
- Missing error status code (← links)
- Missing handler (← links)
- Missing initialization (← links)
- Missing lock check (← links)
- Missing required cryptographic step (← links)
- Missing special element (← links)
- Missing value error (← links)
- Mixed encoding (← links)
- Modification of assumed-immutable data (← links)
- Multiple failed authentication attempts not prevented (← links)
- Multiple internal special element (← links)
- Multiple interpretation error (MIE) (← links)
- Multiple interpretations of UI input (← links)
- Multiple Leading Special Elements (← links)
- Multiple Trailing Special Elements (← links)
- Mutable objects passed by reference (← links)
- No authentication for critical function (← links)
- Obscured Security-relevant Information by Alternate Name (← links)
- Obsolete feature in UI (← links)
- Off-by-one Error (← links)
- Often Misused: Path Manipulation (← links)
- Omission of Security-relevant Information (← links)
- Origin Validation Error (← links)
- Other length calculation error (← links)
- Out-of-bounds Read (← links)
- Overly Restrictive Regular Expression (← links)
- Ownership errors (← links)
- PHP External Variable Modification (← links)
- PHP File Inclusion (← links)
- PRNG Seed Error (← links)
- Parameter Problems (← links)
- Partial Comparison (← links)
- Patch Issues (← links)
- Path Equivalence (← links)
- Path Issue - Windows 8.3 Filename (← links)
- Path Issue - Windows UNC share - '/UNC/share/name/' (← links)
- Path Issue - asterisk wildcard - filedir* (← links)
- Path Issue - backslash absolute path - /absolute/pathname/here (← links)
- Path Issue - directory doubled dot dot backslash (← links)
- Path Issue - directory doubled dot dot slash (← links)
- Path Issue - dirname/fakechild/ (← links)
- Path Issue - dot dot backslash (← links)
- Path Issue - doubled dot dot slash (← links)
- Path Issue - doubled triple dot slash (← links)
- Path Issue - drive letter or Windows volume - 'C:dirname' (← links)
- Path Issue - internal dot - 'file.ordir' (← links)
- Path Issue - internal space - file(SPACE)name (← links)
- Path Issue - leading directory dot dot backslash (← links)
- Path Issue - leading directory dot dot slash (← links)
- Path Issue - leading dot dot backslash (← links)
- Path Issue - leading dot dot slash (← links)
- Path Issue - leading space (← links)
- Path Issue - multiple dot (← links)
- Path Issue - multiple internal backslash (← links)
- Path Issue - multiple leading slash (← links)
- Path Issue - multiple trailing dot (← links)
- Path Issue - multiple trailing slash (← links)
- Path Issue - single dot directory (← links)
- Path Issue - slash absolute path (← links)
- Path Issue - trailing backslash (← links)
- Path Issue - trailing dot (← links)
- Path Issue - trailing slash (← links)
- Path Issue - trailing space (← links)
- Path Issue - triple dot (← links)
- Pathname Traversal and Equivalence Errors (← links)
- Permission errors (← links)
- Permission preservation failure (← links)
- Permissions, Privileges, and ACLs (← links)
- Permissive Whitelist (← links)
- Password Plaintext Storage (← links)
- Plaintext Storage in Cookie (← links)
- Plaintext Storage in Executable (← links)
- Plaintext Storage in File or on Disk (← links)
- Plaintext Storage in GUI (← links)
- Plaintext Storage in Memory (← links)
- Plaintext Storage of Sensitive Information (← links)
- Pointer Issues (← links)
- Porting Issues (← links)
- Predictability problems (← links)
- Predictable Exact Value from Previous Values (← links)
- Predictable Seed in PRNG (← links)
- Predictable Value Range from Previous Values (← links)
- Predictable from Observable State (← links)
- Private Array-Typed Field Returned From A Public Method (← links)
- Privilege / sandbox errors (← links)
- Privilege Chaining (← links)
- Privilege Context Switching Error (← links)
- Privilege Dropping / Lowering Errors (← links)
- Privilege Management Error (← links)
- Process Control (← links)
- Process information infoleak to other processes (← links)
- Product UI does not warn user of unsafe actions (← links)
- Product-External Error Message Infoleak (← links)
- Product-Generated Error Message Infoleak (← links)
- Proxied Trusted Channel (← links)
- Public Data Assigned to Private Array-Typed Field (← links)
- Race condition enabling link following (← links)
- Randomness and Predictability (← links)
- Record Delimiter (← links)
- Regular Expression Error (← links)
- Representation Errors (← links)
- Requirements Issues (← links)
- Resource Locking problems (← links)
- Resource Management Errors (← links)
- Resource leaks (← links)
- Response discrepancy infoleak (← links)
- Reversible One-Way Hash (← links)
- Sensitive Data Under Web Root (← links)
- Sensitive Information Uncleared Before Use (← links)
- Signal Errors (← links)
- Small Seed Space in PRNG (← links)
- Small Space of Random Values (← links)
- Static Value in Unpredictable Context (← links)
- Improper Data Validation (← links)
- Struts: Erroneous validate() Method (← links)
- Struts: Form Bean Does Not Extend Validation Class (← links)
- Struts: Form Field Without Validator (← links)
- Struts: Plug-in Framework Not In Use (← links)
- Struts: Unused Validation Form (← links)
- Struts: Unvalidated Action Form (← links)
- Struts: Validator Turned Off (← links)
- Struts: Validator Without Form Field (← links)
- Substitution Character (← links)
- System Configuration Issues (← links)
- System Operations Issues (← links)
- Technology-Specific Input Validation Problems (← links)
- Technology-Specific Special Elements (← links)
- Technology-Specific Time and State Issues (← links)
- Technology-specific Environment Issues (← links)
- Temporary File Issues (← links)
- Testing Issues (← links)
- The UI performs the wrong action (← links)
- Time and State (← links)
- Time of Introduction (← links)
- Time-of-check Time-of-use race condition (← links)
- Timing discrepancy infoleak (← links)
- Trailing Special Element (← links)
- Trapdoor (← links)
- Truncation of Security-relevant Information (← links)
- UI Misrepresentation of Critical Information (← links)
- UNIX Path Link problems (← links)
- UNIX file descriptor leak (← links)
- UNIX hard link (← links)
- UNIX symbolic link (symlink) following (← links)
- URL Encoding (Hex Encoding) (← links)
- Uncontrolled Search Path Element (← links)
- Undefined Behavior (← links)
- Undefined Parameter Error (← links)
- Undefined Value Error (← links)
- Unexpected Status Code or Return Value (← links)
- Unimplemented or unsupported feature in UI (← links)
- Unintended proxy/intermediary (← links)
- Unparsed Raw Web Content Delivery (← links)
- Unprotected Primary Channel (← links)
- Unquoted Search Path or Element (← links)
- Unrestricted Critical Resource Lock (← links)
- Unrestricted File Upload (← links)
- Unsafe JNI (← links)
- Unsafe Privilege (← links)
- Unsafe use of Reflection (← links)
- Untrusted Data Appended with Trusted Data (← links)
- Unverified Ownership (← links)
- Use of Less Trusted Source (← links)
- User Interface Quality Errors (← links)
- User Interface Security Errors (← links)
- User interface inconsistency (← links)
- User management errors (← links)
- Validate-Before-Canonicalize (← links)
- Validate-Before-Filter (← links)
- Value Delimiter (← links)
- Value Problems (← links)
- Variable Name Delimiter (← links)
- Virtual Files (← links)
- Weak Encryption (← links)
- Wrong Data Type (← links)
- Wrong Status Code (← links)
- Code Correctness: Call to Thread.run() (← links)
- Code Correctness: Call to System.gc() (← links)
- Code Correctness: Erroneous finalize() Method (← links)
- EJB Bad Practices: Use of AWT/Swing (← links)
- EJB Bad Practices: Use of Class Loader (← links)
- EJB Bad Practices: Use of java.io (← links)
- EJB Bad Practices: Use of Sockets (← links)
- EJB Bad Practices: Use of Synchronization Primitives (← links)
- Poor Style: Explicit call to finalize() (← links)
- Password Management: Hardcoded Password (← links)
- Code Correctness: Double-Checked Locking (← links)
- Return Inside Finally Block (← links)
- Code Correctness: Class Does Not Implement Cloneable (← links)
- Code Correctness: Erroneous String Compare (← links)
- Code Correctness: Misspelled Method Name (← links)
- Code Correctness: null Argument to equals() (← links)
- Dead Code: Broken Override (← links)
- Dead Code: Expression is Always False (← links)
- Dead Code: Expression is Always True (← links)
- Dead Code: Unused Field (← links)
- Dead Code: Unused Method (← links)
- Poor Style: Confusing Naming (← links)
- Poor Style: Empty Synchronized Block (← links)
- Poor Style: Identifier Contains Dollar Symbol ($) (← links)
- Portability Flaw (← links)
- Poor Logging Practice (← links)
- Poor Logging Practice: Multiple Loggers (← links)
- Poor Logging Practice: Use of a System Output Stream (← links)
- System Information Leak: Missing Catch Block (← links)
- Unsafe Mobile Code (← links)
- Unsafe Mobile Code: Inner Class (← links)
- Unsafe Mobile Code: Public finalize() Method (← links)
- Unsafe Mobile Code: Dangerous Array Declaration (← links)
- Unsafe Mobile Code: Dangerous Public Field (← links)
- Missing XML Validation (← links)
- String Termination Error (← links)
- Struts: Form Does Not Extend Validation Class (← links)
- Unchecked Return Value: Missing Check against Null (← links)
- Weak credentials (← links)
- J2EE Bad Practices: JSP Expressions (← links)
- Vulnerability template (← links)
- Business Impact template (← links)
- Losing customers (← links)
- Damage to brand (← links)
- Loss of customer’s trust (← links)
- Lawsuit (← links)
- Legal costs associated with breach (← links)
- Criminal and civil judgments (← links)
- Financial penalties (← links)
- Censure by regulating agency (← links)
- Release of a single person’s information (← links)
- Mass release of people’s information (← links)
- Loss of employee information (← links)
- Loss of financial information (← links)
- Loss of healthcare information (← links)
- Loss of video rental information (← links)
- Expression Language Injection (← links)
- Anti CSRF Tokens ASP.NET (← links)
- Windows Identity Foundation (← links)
- DPAPI (← links)
- .NET Callbacks - Vulnerabilities and Remediation (← links)
- Dependency Injection (← links)
- IoC containers (← links)
- ASP.NET Identity (← links)
- .NET Memory Management (← links)
- Preventing SQL Injection in ADO.NET (← links)
- Authenticated Symmetric Encryption in .NET (← links)
- Information exposure through query strings in url (← links)