v1.7

@barnett released this 13 Mar 22:54
· 51 commits to master since this release
666ef79

Added

  • sensitive_data_exposure.weak_password_reset_implementation.token_leakage_via_host_header_poisoning
  • server_security_misconfiguration.mail_server_misconfiguration.email_spoofing_on_non_email_domain
  • broken_access_control.username_enumeration.non_brute_force
  • insufficient_security_configurability.weak_two_fa_implementation.two_fa_secret_cannot_be_rotated
  • insufficient_security_configurability.weak_two_fa_implementation.two_fa_secret_remains_obtainable_after_two_fa_is_enabled
  • insufficient_security_configurability.weak_two_fa_implementation
  • sensitive_data_exposure.token_leakage_via_referer.trusted_third_party
  • sensitive_data_exposure.token_leakage_via_referer.untrusted_third_party
  • cross_site_scripting_xss.ie_only.ie_eleven
  • cross_site_scripting_xss.ie_only.older_version_ie_eleven
  • automotive_security_misconfiguration
  • automotive_security_misconfiguration.infotainment
  • automotive_security_misconfiguration.infotainment.pii_leakage
  • automotive_security_misconfiguration.infotainment.code_execution_can_bus_pivot
  • automotive_security_misconfiguration.infotainment.code_execution_no_can_bus_pivot
  • automotive_security_misconfiguration.infotainment.unauthorized_access_to_services
  • automotive_security_misconfiguration.infotainment.source_code_dump
  • automotive_security_misconfiguration.infotainment.dos_brick
  • automotive_security_misconfiguration.infotainment.default_credentials
  • automotive_security_misconfiguration.rf_hub
  • automotive_security_misconfiguration.rf_hub.key_fob_cloning
  • automotive_security_misconfiguration.rf_hub.can_injection_interaction
  • automotive_security_misconfiguration.rf_hub.data_leakage_pull_encryption_mechanism
  • automotive_security_misconfiguration.rf_hub.unauthorized_access_turn_on
  • automotive_security_misconfiguration.rf_hub.roll_jam
  • automotive_security_misconfiguration.rf_hub.replay
  • automotive_security_misconfiguration.rf_hub.relay
  • automotive_security_misconfiguration.can
  • automotive_security_misconfiguration.can.injection_disallowed_messages
  • automotive_security_misconfiguration.can.injection_dos
  • server_side_injection.content_spoofing.email_hyperlink_injection_based_on_email_provider

Removed

  • broken_access_control.username_enumeration.data_leak
  • insufficient_security_configurability.weak_2fa_implementation
  • sensitive_data_exposure.token_leakage_via_referer.trusted_3rd_party
  • sensitive_data_exposure.token_leakage_via_referer.untrusted_3rd_party
  • cross_site_scripting_xss.ie_only.ie11
  • cross_site_scripting_xss.ie_only.older_version_ie11

Changed

  • server_security_misconfiguration.username_enumeration name changed from "Username Enumeration" to "Username/Email Enumeration"
  • broken_access_control.username_enumeration name changed from "Username Enumeration" to "Username/Email Enumeration"
  • updated Remediation Advice reference URLs for OWASP