Improperly Controlled Modification of Dynamically-Determined Object Attributes

Property
Language: ruby
Severity: low
CWE: CWE-915: Improperly Controlled Modification of Dynamically-Determined Object Attributes
OWASP: A08:2021 - Software and Data Integrity Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

Allowing mass assignment of sensitive attributes like ‘admin’ or ‘account_id’ using the ‘permit’ method can let users modify critical fields they shouldn’t have access to. This exposes your application to unauthorized privilege changes or account takeovers.

Impact

If exploited, attackers could escalate their privileges, gain admin access, or manipulate account ownership by changing protected attributes. This can lead to data breaches, unauthorized actions, and a loss of control over user accounts and permissions.

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Property
Language: ruby
Severity: low
CWE: CWE-915: Improperly Controlled Modification of Dynamically-Determined Object Attributes
OWASP: A08:2021 - Software and Data Integrity Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

Allowing user input to set sensitive attributes like ‘role’ or ‘banned’ using the ‘permit’ method can let attackers assign themselves elevated privileges or bypass restrictions. This exposes critical parts of your application’s security model to manipulation.

Impact

If exploited, attackers could grant themselves admin access, unban their accounts, or otherwise alter protected user properties. This can lead to unauthorized actions, data breaches, and loss of control over who can perform sensitive operations in your application.

Inadequate Encryption Strength

Property
Language: hcl
Severity: low
CWE: CWE-326: Inadequate Encryption Strength
OWASP: A03:2017 - Sensitive Data Exposure
Confidence Level: Low
Impact Level: Low
Likelihood Level: Low

Description

The PostgreSQL server is configured to allow outdated TLS versions (1.0, 1.1, or 1.2), which do not provide the strongest encryption available. This increases the risk of data exposure during transmission.

Impact

Attackers may exploit weaker TLS protocols to intercept or tamper with sensitive data sent between clients and the database. This could lead to data breaches, credential theft, or unauthorized access to confidential information.

Inadequate Encryption Strength

Property
Language: hcl
Severity: medium
CWE: CWE-326: Inadequate Encryption Strength
OWASP: A03:2017 - Sensitive Data Exposure
Confidence Level: Medium
Impact Level: Medium
Likelihood Level: Low

Description

The MSSQL server is configured to use outdated TLS versions (1.0 or 1.1), which have known security weaknesses and do not provide strong encryption. This leaves data in transit vulnerable to interception and unauthorized access.

Impact

Using weak TLS versions allows attackers to exploit known cryptographic flaws, potentially intercepting or manipulating sensitive data sent between applications and the database. This can lead to data breaches, loss of confidentiality, and non-compliance with security standards or regulations.

Inadequate Encryption Strength

Property
Language: hcl
Severity: low
CWE: CWE-326: Inadequate Encryption Strength
OWASP: A03:2017 - Sensitive Data Exposure
Confidence Level: Low
Impact Level: Low
Likelihood Level: Low

Description

The storage account is not explicitly configured to require the latest version of TLS (1.2 or higher) for data encryption in transit. This means weaker or outdated encryption protocols might be allowed, putting sensitive data at risk.

Impact

If older TLS versions are permitted, attackers could exploit known vulnerabilities to intercept or tamper with data sent to and from the storage account. This can lead to data breaches, unauthorized access, or data manipulation, exposing sensitive information and violating compliance requirements.

Inadequate Encryption Strength

Property
Language: hcl
Severity: medium
CWE: CWE-326: Inadequate Encryption Strength
OWASP: A03:2017 - Sensitive Data Exposure
Confidence Level: Medium
Impact Level: Medium
Likelihood Level: Low

Description

The MySQL server is configured to allow outdated TLS versions (TLS 1.0 or 1.1), which have known security weaknesses and are no longer considered secure for encrypting data in transit. This exposes connections to potential eavesdropping and attacks.

Impact

If exploited, attackers could intercept or manipulate sensitive data transmitted between the application and the MySQL server. This may lead to data breaches, credential theft, or unauthorized access, putting both user data and organizational assets at risk.

Inadequate Encryption Strength

Property
Language: hcl
Severity: low
CWE: CWE-326: Inadequate Encryption Strength
OWASP: A03:2017 - Sensitive Data Exposure
Confidence Level: Low
Impact Level: Low
Likelihood Level: Low

Description

The Azure App Service resource is not configured to require client certificates, meaning users can access the app without proving their identity. This weakens authentication and allows unauthenticated connections.

Impact

Without client certificate enforcement, attackers or unauthorized users could connect to the app, potentially exposing sensitive data or services to unauthorized access. This increases the risk of data breaches and unauthorized actions within your application.

Inadequate Encryption Strength

Property
Language: hcl
Severity: medium
CWE: CWE-326: Inadequate Encryption Strength
OWASP: A03:2017 - Sensitive Data Exposure
Confidence Level: Medium
Impact Level: Medium
Likelihood Level: Low

Description

The web app is configured to use an outdated TLS version (1.0 or 1.1), which lacks modern security protections. This makes encrypted connections to your app vulnerable to known attacks.

Impact

Attackers could exploit weaknesses in old TLS versions to intercept or manipulate sensitive data in transit, potentially exposing user information or credentials. This compromises the confidentiality and integrity of your application’s communications and may violate compliance requirements.

Inadequate Encryption Strength

Property
Language: hcl
Severity: medium
CWE: CWE-326: Inadequate Encryption Strength
OWASP: A03:2017 - Sensitive Data Exposure
Confidence Level: High
Impact Level: Medium
Likelihood Level: Low

Description

The App Service resource is not configured to enforce TLS 1.2, allowing older and less secure versions of TLS. This weakens the encryption for data transmitted to and from your application.

Impact

Without enforcing TLS 1.2, attackers may exploit outdated encryption protocols to intercept or manipulate sensitive data in transit, risking exposure of user information and potential compliance violations.

Inadequate Encryption Strength

Property
Language: hcl
Severity: medium
CWE: CWE-326: Inadequate Encryption Strength
OWASP: A03:2017 - Sensitive Data Exposure
Confidence Level: Medium
Impact Level: Medium
Likelihood Level: Medium

Description

The Azure Storage account is configured to allow TLS versions lower than 1.2, which means older, less secure encryption protocols are permitted for data transfers. This weakens the security of data in transit between clients and storage services.

Impact

Allowing deprecated TLS versions exposes data transmissions to known vulnerabilities and attacks such as eavesdropping or man-in-the-middle attacks. Attackers could potentially intercept or manipulate sensitive data, leading to data breaches and non-compliance with security standards.