The IT Law Wiki

Configuration error attack

Definition

Configuration error attacks "exploit configuration weaknesses found in software."[1]

Overview

"Software may come with unnecessary and unsafe features, such as debug and QA features, enabled by default. These features may provide a means for an attacker to bypass authentication methods and gain access to sensitive information, perhaps with elevated privileges. Likewise, default installations may include well-known usernames and passwords, hard-coded backdoor accounts, special access mechanisms, and incorrect permissions set for files accessible through web servers. Default samples may be accessible in production environments. Configuration files that are not properly locked down may reveal clear text connection strings to the database, and default settings in configuration files may not have been set with security in mind. All of these misconfigurations may lead to unauthorised access to sensitive information."[2]
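
The misconfigurations listed in the passage above can be checked for before deployment. The following audit is an added example, not code from this wiki or from the cited guide; the key names (`debug`, `qa_mode`, `test_mode`, `admin_user`, `admin_password`, `db_url`), the short default-credential list and both sample configurations are assumptions constructed for illustration.

```python
import os
import re
import stat

# Constructed sample configs (not from any real product): weak vs. hardened.
WEAK = """[app]
debug = true
admin_user = admin
admin_password = admin
db_url = postgresql://app:S3cret@db.internal:5432/orders
"""
HARDENED = """[app]
debug = false
admin_user = ops-7f3a
db_url = postgresql://db.internal:5432/orders
"""

# Assumed, deliberately short list of well-known default credential pairs.
DEFAULT_CREDS = {("admin", "admin"), ("root", "root"), ("guest", "guest")}
DEBUG_ON = re.compile(r"^\s*(debug|qa_mode|test_mode)\s*=\s*(true|1|on|yes)\s*$", re.I)
# scheme://user:password@host means a clear text secret sits in the file.
CONN_SECRET = re.compile(r"\b[a-z][a-z0-9+.-]*://[^\s:/@]+:[^\s@]+@", re.I)
KEY_VALUE = re.compile(r"^\s*([\w.]+)\s*=\s*(.*?)\s*$")

def audit_text(text):
    """Return sorted (line_number, finding) pairs for one config file's text."""
    findings, seen = [], {}
    for number, line in enumerate(text.splitlines(), 1):
        if DEBUG_ON.match(line):
            findings.append((number, "debug-enabled"))
        if CONN_SECRET.search(line):
            findings.append((number, "cleartext-connection-string"))
        match = KEY_VALUE.match(line)
        if match:
            seen[match.group(1).lower()] = (number, match.group(2))
    user, password = seen.get("admin_user"), seen.get("admin_password")
    if user and password and (user[1].lower(), password[1]) in DEFAULT_CREDS:
        findings.append((password[0], "default-credentials"))
    return sorted(findings)

def world_accessible(path):
    """True if 'other' users can read or write the file (POSIX mode bits)."""
    return bool(stat.S_IMODE(os.stat(path).st_mode) & (stat.S_IROTH | stat.S_IWOTH))

if __name__ == "__main__":
    print(audit_text(WEAK))      # three findings
    print(audit_text(HARDENED))  # no findings
```

`world_accessible` covers the file-permission case: a configuration file left at mode 0644 is flagged, while the same file at 0600 is not.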

References

  1. Threat Landscape and Good Practice Guide for Internet Infrastructure, at 16.
  2. Id.
