[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248392

 
 

909

 
 

195452

 
 

282

 
 
 
Paid content will be excluded from the download.

Filter
Matches : 909 Download | Alert*

Weaknesses in this category are related to schemes that generate numbers or identifiers that are more predictable than required by the application.

A number or object is predictable based on observations that the attacker can make about the state of the system or network, such as time, process ID, etc.

An exact value or random number can be precisely predicted by observing previous values.

The software's random number generator produces a series of values which, when observed, can be used to infer a relatively small range of possibilities for the next value that could be generated.

The product uses a constant value, name, or reference, but this value can (or should) vary across different environments.

The software does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

The software does not properly verify that the source of data or communication is valid.

The software does not verify, or incorrectly verifies, the cryptographic signature for data.

The software has two different sources of the same data or information, but it uses the source that has less support for verification, is less trusted, or is less resistant to attack.

The software, when processing trusted data, accepts any untrusted data that is also included with the trusted data, treating the untrusted data as if it were trusted.


Pages:      Start    18    19    20    21    22    23    24    25    26    27    28    29    30    31    ..   90

© SecPod Technologies