Cobalt Vulnerability Wiki

Cobalt Vulnerability Wiki

Categories

V2 - Authentication V3 - Session Management V4 - Access Control V5 - Validation/Sanitization V6 - Cryptography V7 - Error Logging V8 - Data Protection V9 - Communications V10 - Malicious Code V11 - Business Logic V12 - Files Resources V13 - API V14 - Config

CORS (Cross-Origin Resource Sharing) CORS (Cross-Origin Resource Sharing) Vulnerability Leaking Sensitive Data Email Spoofing to Inbox due to Missing or Misconfigured DMARC on Email Domain Enabled HTTP PUT method leads to create malicious file on the server Lack of Security Headers Mail Server Misconfiguration - Missing or Misconfigured SPF and/or DKIM Mail Server Misconfiguration - No Spoofing Protection on Email Domain Misconfigured DNS - Missing Certification Authority Authorization (CAA) Record Misconfigured DNS - Zone Transfer Missing Secure or HTTPOnly Cookie Flag Missing Strict Transport Security Header (HSTS) Missing X-Frame-Options Header Out-Of-Date Component in use Server Banner Disclosure Weak Content-Security-Policy Webserver Default Page Reveals Internal Info (Nginx, IIS)

V14 - Config

Mail Server Misconfiguration - Missing or Misconfigured SPF and/or DKIM

POC

- Check SPF record with online lookup to see it’s missing

https://mxtoolbox.com/spf.aspx

Impact

Low

Likelihood

Low

Ready to get started?

our platform schedule a demo

Join some of these great clients we're proud to have helped