All cards
2
SpoofingAn attacker could squat on the random port or socket that the server normally uses
2S23
SpoofingAn attacker could try one credential after another and there's nothing to slow them down (online or offline)
3S34
SpoofingAn attacker can anonymously connect, because we expect authentication to be done at a higher level
4S45
SpoofingAn attacker can confuse a client because there are too many ways to identify a server
5S56
SpoofingAn attacker can spoof a server because identifiers aren't stored on the client and checked for consistency on re-connection (that is, there's no key persistence)
6S67
SpoofingAn attacker can connect to a server or peer over a link that isn't authenticated (and encrypted)
7S78
SpoofingAn attacker could steal credentials stored on the server and reuse them (for example, a key is stored in a world readable file)
8S89
SpoofingAn attacker who gets a password can reuse it (Use stronger authenticators)
9S910
SpoofingAn attacker can choose to use weaker or no authentication
10S10J
SpoofingAn attacker could steal credentials stored on the client and reuse them
JSJQ
SpoofingAn attacker could go after the way credentials are updated or recovered (account recovery doesn't require disclosing the old password)
QSQK
SpoofingYour system ships with a default admin password, and doesn't force a change
KSKA
SpoofingYou've invented a new Spoofing attack
ASA3
TamperingAn attacker can take advantage of your custom key exchange or integrity control which you built instead of using standard crypto
3T34
TamperingYour code makes access control decisions all over the place, rather than with a security kernel
4T45
TamperingAn attacker can replay data without detection because your code doesn't provide timestamps or sequence numbers
5T56
TamperingAn attacker can write to a data store your code relies on
6T67
TamperingAn attacker can bypass permissions because you don't make names canonical before checking access permissions
7T78
TamperingAn attacker can manipulate data because there's no integrity protection for data on the network
8T89
TamperingAn attacker can provide or control state information
9T910
TamperingAn attacker can alter information in a data store because it has weak ACLs or includes a group which is equivalent to everyone ("all Live ID holders")
10T10J
TamperingAn attacker can write to some resource because permissions are granted to the world or there are no ACLs
JTJQ
TamperingAn attacker can change parameters over a trust boundary and after validation (for example, important parameters in a hidden field in HTML, or passing a pointer to critical memory)
QTQK
TamperingAn attacker can load code inside your process via an extension point
KTKA
TamperingYou've invented a new Tampering attack
ATA2
RepudiationAn attacker can pass data through the log to attack a log reader, and there's no documentation of what sorts of validation are done
2R23
RepudiationA low privilege attacker can read interesting security information in the logs
3R34
RepudiationAn attacker can alter digital signatures because the digital signature system you're implementing is weak, or uses MACs where it should use a signature
4R45
RepudiationAn attacker can alter log messages on a network because they lack strong integrity controls
5R56
RepudiationAn attacker can create a log entry without a timestamp (or no log entry is timestamped)
6R67
RepudiationAn attacker can make the logs wrap around and lose data
7R78
RepudiationAn attacker can make a log lose or confuse security information
8R89
RepudiationAn attacker can use a shared key to authenticate as different principals, confusing the information in the logs
9R910
RepudiationAn attacker can get arbitrary data into logs from unauthenticated (or weakly authenticated) outsiders without validation
10R10J
RepudiationAn attacker can edit logs and there's no way to tell (perhaps because there's no heartbeat option for the logging system)
JRJQ
RepudiationAn attacker can say "I didn't do that," and you'd have no way to prove them wrong
QRQK
RepudiationThe system has no logs
KRKA
RepudiationYou've invented a new Repudiation attack
ARA2
Information DisclosureAn attacker can brute-force file encryption because there's no defense in place (example defense, password stretching)
2I23
Information DisclosureAn attacker can see error messages with security sensitive content
3I34
Information DisclosureAn attacker can read content because messages (say, an email or HTTP cookie) aren't encrypted even if the channel is encrypted
4I45
Information DisclosureAn attacker may be able to read a document or data because it's encrypted with a non-standard algorithm
5I56
Information DisclosureAn attacker can read data because it's hidden or occluded (for undo or change tracking) and the user might forget that it's there
6I67
Information DisclosureAn attacker can act as a 'man in the middle' because you don't authenticate endpoints of a network connection
7I78
Information DisclosureAn attacker can access information through a search indexer, logger, or other such mechanism
8I89
Information DisclosureAn attacker can read sensitive information in a file with bad ACLs
9I910
Information DisclosureAn attacker can read information in files with no ACLs
10I10J
Information DisclosureAn attacker can discover the fixed key being used to encrypt
JIJQ
Information DisclosureAn attacker can read the entire channel because the channel (say, HTTP or SMTP) isn't encrypted
QIQK
Information DisclosureAn attacker can read network information because there's no cryptography used
KIKA
Information DisclosureYou've invented a new Information Disclosure attack
AIA2
Denial of ServiceAn attacker can make your authentication system unusable or unavailable
2D23
Denial of ServiceAn attacker can make a client unavailable or unusable but the problem goes away when the attacker stops
3D34
Denial of ServiceAn attacker can make a server unavailable or unusable but the problem goes away when the attacker stops
4D45
Denial of ServiceAn attacker can make a client unavailable or unusable without ever authenticating but the problem goes away when the attacker stops
5D56
Denial of ServiceAn attacker can make a server unavailable or unusable without ever authenticating but the problem goes away when the attacker stops
6D67
Denial of ServiceAn attacker can make a client unavailable or unusable and the problem persists after the attacker goes away
7D78
Denial of ServiceAn attacker can make a server unavailable or unusable and the problem persists after the attacker goes away
8D89
Denial of ServiceAn attacker can make a client unavailable or unusable without ever authenticating and the problem persists after the attacker goes away
9D910
Denial of ServiceAn attacker can make a server unavailable or unusable without ever authenticating and the problem persists after the attacker goes away
10D10J
Denial of ServiceAn attacker can cause the logging subsystem to stop working
JDJQ
Denial of ServiceAn attacker can amplify a Denial of Service attack through this component with amplification on the order of 10 to 1
QDQK
Denial of ServiceAn attacker can amplify a Denial of Service attack through this component with amplification on the order of 100 to 1
KDKA
Denial of ServiceYou've invented a new Denial of Service attack
ADA5
Elevation of PrivilegeAn attacker can force data through different validation paths which give different results
5E56
Elevation of PrivilegeAn attacker could take advantage of .NET permissions you ask for, but don't use
6E67
Elevation of PrivilegeAn attacker can provide a pointer across a trust boundary, rather than data which can be validated
7E78
Elevation of PrivilegeAn attacker can enter data that is checked while still under their control and used later on the other side of a trust boundary
8E89
Elevation of PrivilegeThere's no reasonable way for a caller to figure out what validation of tainted data you perform before passing it to them
9E910
Elevation of PrivilegeThere's no reasonable way for a caller to figure out what security assumptions you make
10E10J
Elevation of PrivilegeAn attacker can reflect input back to a user, like cross site scripting
JEJQ
Elevation of PrivilegeYou include user-generated content within your page, possibly including the content of random URLs
QEQK
Elevation of PrivilegeAn attacker can inject a command that the system will run at a higher privilege level
KEKA
Elevation of PrivilegeYou've invented a new Elevation of Privilege attack
AEA