Releases
v1.7
Added
sensitive_data_exposure.weak_password_reset_implementation.token_leakage_via_host_header_poisoning
server_security_misconfiguration.mail_server_misconfiguration.email_spoofing_on_non_email_domain
broken_access_control.username_enumeration.non_brute_force
insufficient_security_configurability.weak_two_fa_implementation.two_fa_secret_cannot_be_rotated
insufficient_security_configurability.weak_two_fa_implementation.two_fa_secret_remains_obtainable_after_two_fa_is_enabled
insufficient_security_configurability.weak_two_fa_implementation
sensitive_data_exposure.token_leakage_via_referer.trusted_third_party
sensitive_data_exposure.token_leakage_via_referer.untrusted_third_party
cross_site_scripting_xss.ie_only.ie_eleven
cross_site_scripting_xss.ie_only.older_version_ie_eleven
automotive_security_misconfiguration
automotive_security_misconfiguration.infotainment
automotive_security_misconfiguration.infotainment.pii_leakage
automotive_security_misconfiguration.infotainment.code_execution_can_bus_pivot
automotive_security_misconfiguration.infotainment.code_execution_no_can_bus_pivot
automotive_security_misconfiguration.infotainment.unauthorized_access_to_services
automotive_security_misconfiguration.infotainment.source_code_dump
automotive_security_misconfiguration.infotainment.dos_brick
automotive_security_misconfiguration.infotainment.default_credentials
automotive_security_misconfiguration.rf_hub
automotive_security_misconfiguration.rf_hub.key_fob_cloning
automotive_security_misconfiguration.rf_hub.can_injection_interaction
automotive_security_misconfiguration.rf_hub.data_leakage_pull_encryption_mechanism
automotive_security_misconfiguration.rf_hub.unauthorized_access_turn_on
automotive_security_misconfiguration.rf_hub.roll_jam
automotive_security_misconfiguration.rf_hub.replay
automotive_security_misconfiguration.rf_hub.relay
automotive_security_misconfiguration.can
automotive_security_misconfiguration.can.injection_disallowed_messages
automotive_security_misconfiguration.can.injection_dos
server_side_injection.content_spoofing.email_hyperlink_injection_based_on_email_provider
Removed
broken_access_control.username_enumeration.data_leak
insufficient_security_configurability.weak_2fa_implementation
sensitive_data_exposure.token_leakage_via_referer.trusted_3rd_party
sensitive_data_exposure.token_leakage_via_referer.untrusted_3rd_party
cross_site_scripting_xss.ie_only.ie11
cross_site_scripting_xss.ie_only.older_version_ie11
Changed
server_security_misconfiguration.username_enumeration name changed from "Username Enumeration" to "Username/Email Enumeration"
broken_access_control.username_enumeration name changed from "Username Enumeration" to "Username/Email Enumeration"
updated Remediation Advice reference URLs for OWASP