Insufficient Security Configurability
Overview of the Vulnerability
Insufficient security configurability refers to a system or application that gives its administrators and users little or no ability to adjust its security settings. Security-relevant values such as password policy, session lifetime, encryption, logging and access control are hardcoded, exposed only as a limited set of options, or left undocumented so that operators cannot enable them. As a result, a deployment cannot be hardened to match its threat environment, insecure defaults persist, and an attacker can take advantage of weak settings (for example, short passwords or long-lived sessions) that the operator was unable to tighten.
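As an added illustration that is not part of the original template, the following Python shows the weak pattern side by side with a hardened one: a policy whose security values are hardcoded constants with no way to tighten them, and a policy that is configurable, secure by default, and refuses any setting weaker than a floor. All class names, setting names and limit values are hypothetical.

```python
"""Added illustration, not part of the original template: a service whose
security settings are hardcoded (the weak pattern this template reports)
beside a version whose settings are configurable, secure by default, and
cannot be lowered past a floor. All names and values here are hypothetical."""
from dataclasses import dataclass, fields
from typing import Any, Mapping


# --- Weak pattern: nothing is configurable ---------------------------------
class HardcodedPolicy:
    """Every value is a constant. An operator who must enforce 12-character
    passwords, MFA for administrators or a 15-minute idle timeout has no way
    to do so short of patching the code."""
    MIN_PASSWORD_LENGTH = 6
    SESSION_TIMEOUT_SECONDS = 86400   # 24 hours, cannot be shortened
    REQUIRE_MFA_FOR_ADMINS = False    # cannot be switched on
    AUDIT_LOGGING = False             # cannot be switched on

    def password_ok(self, pw: str) -> bool:
        return len(pw) >= self.MIN_PASSWORD_LENGTH


# --- Hardened pattern: configurable, secure by default, floored -------------
# Limits a deployment may tighten but never relax (hypothetical values).
PASSWORD_LENGTH_FLOOR = 12
SESSION_TIMEOUT_CEILING = 3600        # seconds


@dataclass(frozen=True)
class SecurityPolicy:
    min_password_length: int = 14
    session_timeout_seconds: int = 900
    require_mfa_for_admins: bool = True
    audit_logging: bool = True

    @classmethod
    def from_config(cls, cfg: Mapping[str, Any]) -> "SecurityPolicy":
        """Build a policy from an operator-supplied mapping. Unknown keys are
        rejected so a typo cannot silently leave a default in place, and any
        value weaker than the floor is rejected rather than accepted."""
        known = {f.name for f in fields(cls)}
        unknown = set(cfg) - known
        if unknown:
            raise ValueError(f"unknown security settings: {sorted(unknown)}")
        policy = cls(**cfg)
        if policy.min_password_length < PASSWORD_LENGTH_FLOOR:
            raise ValueError("min_password_length below floor "
                             f"{PASSWORD_LENGTH_FLOOR}")
        if not 0 < policy.session_timeout_seconds <= SESSION_TIMEOUT_CEILING:
            raise ValueError("session_timeout_seconds must be in "
                             f"(0, {SESSION_TIMEOUT_CEILING}]")
        if not policy.audit_logging:
            raise ValueError("audit_logging cannot be disabled")
        return policy

    def password_ok(self, pw: str) -> bool:
        """Length check plus a character-class check, both driven by the
        policy rather than baked into the code."""
        if len(pw) < self.min_password_length:
            return False
        classes = (any(c.islower() for c in pw), any(c.isupper() for c in pw),
                   any(c.isdigit() for c in pw), any(not c.isalnum() for c in pw))
        return sum(classes) >= 3


def config_rejected(cfg: Mapping[str, Any]) -> bool:
    """True if the hardened policy refuses this configuration."""
    try:
        SecurityPolicy.from_config(cfg)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    # Constructed inputs standing in for what a tester would try.
    print(HardcodedPolicy().password_ok("abc123"))              # accepted: weak
    print(SecurityPolicy.from_config({}).password_ok("abc123"))  # rejected
    print(config_rejected({"min_password_length": 6}))          # True
```

The point of the floor is that configurability must not become a way to weaken the system: an operator can raise the minimum password length or shorten the session timeout, but cannot go below the floor, turn off audit logging, or misspell a key and unknowingly keep a default.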
Business Impact
This vulnerability can lead to reputational damage and indirect financial loss for the company, as customers may view the application as insecure and deployments are left running with weak settings that cannot be tightened, increasing the likelihood that other vulnerabilities are exploited.
Steps to Reproduce
Login to the application at: {{url}}
Perform {{action}} and observe that the security setting is weak and the application offers no option to change or tighten it
Proof of Concept (PoC)
The screenshot(s) below demonstrate the vulnerability:
{{screenshot}}
Guidance
Provide a step-by-step walkthrough with a screenshot on how you exploited the vulnerability. Your submission must include evidence of the vulnerability and not be theoretical in nature.
Recommendation(s)
For more information, refer to the Open Web Application Security Project (OWASP) guide relating to this vulnerability: