The IT Law Wiki

Configuration error attack


Definition

Configuration error attacks "exploit configuration weaknesses found in software."[1]

Overview

"Software may come with unnecessary and unsafe features, such as debug and QA features, enabled by default. These features may provide a means for an attacker to bypass authentication methods and gain access to sensitive information, perhaps with elevated privileges. Likewise, default installations may include well-known usernames and passwords, hard-coded backdoor accounts, special access mechanisms, and incorrect permissions set for files accessible through web servers. Default samples may be accessible in production environments. Configuration files that are not properly locked down may reveal clear text connection strings to the database, and default settings in configuration files may not have been set with security in mind. All of these misconfigurations may lead to unauthorised access to sensitive information."[2]
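As an added illustration (not part of the quoted guide or of this wiki), the following Python sketch audits a configuration for the misconfiguration classes named in the passage above: unsafe features left enabled, default credentials, clear text connection strings, and overly permissive file modes. The key names, the default credential pairs and the sample configuration are assumptions constructed for this example.

```python
import os
import re
import stat

# Constructed sample configuration (not taken from any real product).
SAMPLE_CONFIG = """\
debug = true
admin_user = admin
admin_password = admin
db_url = postgresql://app:S3cret@db.internal:5432/orders
sample_apps_enabled = yes
"""

# Assumed key names and credential pairs; adapt them to the software being audited.
DEBUG_KEYS = re.compile(r"^(debug|qa_mode|sample_apps_enabled)$")
TRUTHY = {"1", "true", "yes", "on"}
DEFAULT_CREDS = {("admin", "admin"), ("root", "root"), ("guest", "guest")}
# scheme://user:password@host, i.e. a password stored in clear text
CONN_WITH_PASSWORD = re.compile(r"^[a-z][a-z0-9+.-]*://[^/\s:@]+:[^@\s]+@", re.I)

def parse(text):
    """Parse simple 'key = value' lines, skipping blanks and # comments."""
    pairs = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        pairs[key.strip().lower()] = value.strip()
    return pairs

def audit_config(text):
    """Return a sorted list of findings for the misconfiguration classes above."""
    cfg, findings = parse(text), set()
    for key, value in cfg.items():
        if DEBUG_KEYS.match(key) and value.lower() in TRUTHY:
            findings.add(f"unsafe-feature-enabled:{key}")
        if CONN_WITH_PASSWORD.match(value):
            findings.add(f"cleartext-connection-string:{key}")
        if key.endswith("_user"):
            password = cfg.get(key[:-5] + "_password")
            if (value, password) in DEFAULT_CREDS:
                findings.add(f"default-credentials:{key}")
    return sorted(findings)

def world_accessible(path):
    """True if users outside the owner and group can read or write the file (POSIX)."""
    return bool(os.stat(path).st_mode & (stat.S_IROTH | stat.S_IWOTH))

if __name__ == "__main__":
    for finding in audit_config(SAMPLE_CONFIG):
        print(finding)
```
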

References

  1. Threat Landscape and Good Practice Guide for Internet Infrastructure, at 16.
  2. Id.
