Vulnerabilities

A vulnerability is a weakness which allows an attacker to reduce a system's information assurance. Vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw. To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness, known as the attack surface. Vulnerability management is the cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities. Other vulnerabilities include security risks, security defects and constructs in programming languages that are difficult to use properly.


Greetings EE'ers,

This is a bit of an open ended question, but what do you all use or recommend as tools or practices for performing IT security assessments?
0

Penetration Testing - Looking for an affordable solution to do web site pen testing without it costing us £1000(s) expenditure.

There are many pen testing companies out there however I am looking for a cost effective solution which will cater for doing the job.

Any suggestions?
0
Watchguard to Draytek site to site VPN - 2 tunnels required.

WG side has local IP of 192.168.1.1/24 and this needs linking to the draytek which has 2 LAN 10.0.0.1/24 and 192.168.100.1/24

I need a tunnel for both

Now I can set this up with one tunnel no issue, but can't see anywhere to add a second tunnel on the Draytek end. I've heard GRE might be the answer to my question but haven't used this before.

How do I add a second tunnel? I have also tried a second VPN with the other tunnel but this causes both VPNs to alternate and not work correctly. Any help or questions welcome.
0
We have a WatchGuard M400. The firewall is blocking EXE downloads. I want to allow only the help desk to be able to download EXE, drive etc. How can I do this?

thanks
0
I currently have a WatchGuard Firebox with UTM and am using VMware.
I'm currently upgrading the environment to the latest VMware and NSX.
Is it recommended to eliminate the WatchGuard and ONLY use NSX?
0
Hello Experts,
I am looking for free or open source tools to perform a security audit on our Cisco switches, routers and firewalls, because I want to know the vulnerabilities and security holes in these network devices.

Any suggestions are welcomed.
0
Hi,

As part of a security certification process we’re going through we’re required to fix this particular security issue with our website. The text, in the bold headed two paragraphs below, is that provided to us from the company doing the testing:

Client-side HTTP parameter pollution (reflected): Client-side HTTP parameter pollution (HPP) vulnerabilities arise when an application embeds user input in URLs in an unsafe manner. An attacker can use this vulnerability to construct a URL that, if visited by another application user, will modify URLs within the response by inserting additional query string parameters and sometimes overriding existing ones. This may result in links and forms having unexpected side effects. For example, it may be possible to modify an invitation form using HPP so that the invitation is delivered to an unexpected recipient. The security impact of this issue depends largely on the nature of the application functionality. Even if it has no direct impact on its own, an attacker may use it in conjunction with other vulnerabilities to escalate their overall severity.

Recommendation: Ensure that user input is URL-encoded before it is embedded in a URL.

Now, the only user input getting put into the URL would seem to be that from the results of searches (there’s a search box on each page). If I look for ‘Cheese’ the URL reads https://www.<oursitename>/?s=Cheese or if I search for ‘Bacon Roll’ it’d be …
0
Our corporate network is subject to 6 monthly vulnerability scans from a certified 3rd party to meet a variety of security standards certifications. Our directors would like to see the security team responsible to do some metrics for performance management purposes to demonstrate that lessons are being learned from the findings, root causes addressed, and the number of issues raised decline each time the scans/assessments are complete.

I wondered if anyone else does this degree of analysis and what metrics you use. Is it as simple as the number of risks logged in the assessor's report, or are they broken down by category, e.g. password related issues, patch related issues, configuration related issues etc.? I totally get the idea that in theory if the scans/assessments just find the same types of risk each audit, then the root causes probably aren't being addressed - it's just, realistically, what metrics are you using to demonstrate each time that things have improved, lessons learned etc.?
0
We are in the process of moving from desktops to laptops. We use SCCM, IEM/Bigfix for desktop patching but will now have to patch laptops that are randomly connected to our network. One method is to enable Windows Update.  Any suggestions or recommendations?
0
Hello experts

This is my first post to EE regarding OpenVAS, please forgive any misbehavior and language errors since I am not a native English speaker.

I have encountered strange results while changing only the port list for some targets.

If I use the wizard (immediate scan) to scan a couple of hosts, I get a report with some medium vulnerabilities. If I clone the target that was created by the wizard and just change the port list to scan all TCP and all UDP, I get a report with only "log level" vulnerabilities.

I may be doing something wrong but I can't figure out what.

Here are the details for the target used by the wizard :

Comment:    Automatically generated by wizard
Hosts:  example.com, example.io
Exclude Hosts:  
Reverse Lookup Only:    No
Reverse Lookup Unify:   No
Maximum number of hosts:    2
Port List:  OpenVAS Default
Alive Test:     Scan Config Default
Credentials for authenticated checks:
SSH:    
SMB:    
ESXi:   
SNMP:



Here is the target that I modified from a clone of the one above :

Comment:    Modified from automatically generated by wizard
Hosts:  example.com, example.io
Exclude Hosts:  
Reverse Lookup Only:    No
Reverse Lookup Unify:   No
Maximum number of hosts:    2
Port List:  All TCP and UDP
Alive Test:     Scan Config Default
Credentials for authenticated checks:
SSH:    
SMB:    
ESXi:   
SNMP:



Here is my All TCP and UDP port list :

Port List: All TCP and UDP
Comment:    
Port count:     131070
TCP Port count:     65535
UDP Port count:     65535
Port Ranges (2)
Start   End     Protocol
1       65535   tcp
1       65535   udp


0

[root@db01 ~]# yum updateinfo info --cve CVE-2017-5715
Loaded plugins: product-id, search-disabled-repos, subscription-manager
updateinfo info done

I am pretty sure this CVE is not installed. However, I am unable to see this CVE in the list.
0
Dear Support,

Good Day,

Could you please help me on below what to do on my servers

On January 3rd, details on a pair of vulnerabilities named “Spectre” and “Meltdown” were released. Both vulnerabilities exploit critical vulnerabilities within modern processors, allowing programs to steal data being processed on the device. This includes virtual machines reading memory from other virtual machines on the same host. End-user systems and shared cloud hosting providers are at the highest risk. Multiple vendors have released patches to address the vulnerability.

Waiting for your update

Thanks
0
WatchGuard mobile VPN stops receiving data whenever I reboot my laptop. It requires me to uninstall and install again to make it work. Can someone please suggest the cause of the issue?
1
Twice in the past month our static IP has been flagged by the CBL as hosting malware. The CBL provides the source and destination IP but we have not been able to capture ANY traffic from our network to the destination IP provided. Here is what the CBL gave us:

Detection Information Summary
Destination IP	146.148.124.166
Destination port	443
Source IP	[xxx.xxx.xxx.xxx]
Source port	16997
C&C name/domain	kemonzura.gdn
Protocol	TCP
Time	Tue Dec 26 18:15:27 2017 UTC



The source IP is set on our WAN interface on our firewall (SonicWall) and packet capture on the SonicWall shows no outbound traffic to the destination IP. We port mirrored the switch port where the WAN port is connected on the switch and ran Wireshark against it and still no packets destined for the destination IP. We put a firewall rule in place to drop any packets destined for the destination IP and still we get listed.

In short, we have not been able to capture a single packet egressing our network and destined for the destination IP provided by the CBL. Is it possible to spoof the source IP? If so, how do you remediate?

We are thoroughly puzzled by this.

Below are the full results of the CBL lookup:

Results of Lookup
[redacted] is listed

This IP address was detected and listed 56 times in the past 28 days, and 13 times in the past 24 hours. The most recent detection was at Tue Dec 26 18:15:00 2017 UTC +/- 5 minutes

This IP address is infected with, or is NATting for a
0
Hi All,

I am having a vulnerability issue on my ASP.NET web application.

a potentially dangerous request.path value was detected from the client (:).

I already have <httpRuntime requestValidateMode="2.0" requestPathInvalidCharacters="" /> on my web config.
0
I have a wireless environment with:

Server 2012 R2 running the NPS service for RADIUS authentication to the AD
Ubiquiti UniFi APs that are set to forward auth to the RADIUS NPS server

Now I have that set up, and it works, and authenticates the user's AD login, and connects to the network just fine. The issue I have comes after that, when the user is not authenticated through the single sign-on through RADIUS for the WatchGuard firewall. I have followed what little information WatchGuard has on this, but most of their information points to MSDN pages that get me nowhere. I understand that the WatchGuard needs to receive accounting packets with information from the NPS server, but it doesn't seem to be getting them, as the firewall still tries to route users to authenticate through the web portal.

Not sure where to go from here in order to tell which system to send to what and where, and how.
0
Looking for Patch Management Cloud service. I have found a few on the Internet but not sure who is good. Looking to patch OS and 3rd party Apps
0
At NY Data Center, and UK and US Offices the IP addresses accessing in and being accessed out.


Objective is to identify suspicious / unauthorized access or data transfer .
0
We have a P4515 that is showing the vulnerability below. I could not find anything related online. Any help would be great.

HP printer
Description      Integer based SQL injection vulnerability in enableAS parameter to /hp/device/this.LCDispatcher?nav=hp.AutoSend
Confirmed      Yes
Severity Level      Critical
Severity      user file read access
Tutorial      SQL injection
Service      443:TCP
Technical Details      Normal Request:
POST /hp/device/this.LCDispatcher?nav=hp.AutoSend HTTP/1.0
Host: 10.91.2.62
User-Agent: Mozilla/5.0
Content-length: 447
Content-Type: application/x-www-form-urlencoded
Connection: Keep-Alive
Cookie: MFPSESSIONID=010044D3A0E5EAC6706FBFCDE3B6884CAD189BF8917D1CD7FFA22017072703064703C1
bar=yes,location=
0

Hello All,

I need your help to fix CVE-2016-2183 vulnerability in my CentOS release 6.9 (Final) instance.
I have checked for various solutions to fix this, like making changes in the apache/nginx configuration. But I don't have apache/nginx installed in my instance.

The openssl version installed in my instance is OpenSSL 1.0.1e-fips 11 Feb 2013.
When I'm trying to update the openssl package using yum, it did not identify any new version of the package available for installation.

Regards
Rukender
0
I have a web site that consistently gets DDoS attacks. I've changed several hosting providers with no success.

Only one in Canada seems to block the DDoS attacks, but I'm looking for some hosting in the US that can deal with it and block it.

Any suggestions?
0
Hi

Guys, any review or experience with this SIEM software http://www.gfi.com/

thank you
0
I have been trying for a few days to create a media restore point - one that won't be used on this system but I thought I should get it. I have been getting a couple of errors (I wrote them down but I can only find the one piece of paper): Page_Fault_in_Non_Page_Area

I tried a few different USB drives but none of them worked. I have run sfc / chkdsk on everything - even ran it when it rebooted and rebooted in safe mode.

I did a HiJackThis Analyzer - seems OK - ignore the hosts file, that's mine
Resource Monitor, CPU Monitor
Windows 10 64G
0
Please could you explain to me how the method
public void doItMulti()
works?
Maybe you could draw for me some action UML or sequence or any other behavior UML. Maybe you could provide for this method some useful and detailed comments for each line of code. Thx for your help in advance!

package bfpasswrd;

import java.util.ArrayList;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;

public class PasswordCracker
{

String passwordToCrack;
public boolean passwordFound;
int min;
int max;
StringBuilder crackedPassword;

public void prepare(String text)
{
    passwordToCrack = text;

    passwordFound = false;
    min = 32;
    max = 126;
    crackedPassword = new StringBuilder();
    crackedPassword.append((char) (min - 1));
}

public void result()
{
    System.out.println("Cracked Password is: " + crackedPassword.toString());
}

public void incrementString(StringBuilder text, int min, int max)
{
    text.setCharAt(0, (char) ((int) text.charAt(0) + 1));
    for (int i = 0; i < text.length(); i++)
    {
        if (text.charAt(i) > (char) max)
        {
            text.setCharAt(i, (char) min);
            if (text.length() == i + 1)
            {
                text.append((char) min);
            }
            else
            {
                text.setCharAt(i + 1, (char) ((int) text.charAt(i + 1) + 1));
            }
        }
    }
}

public void runMulti(String text)
{
    


0
Hi, I need to do a penetration test for a web application. I was wondering who would be the best company to ask to perform such a test?
Any recommendations?
I am based in Melbourne.
0
