Information leakage
Entities provide information enabling the discovery of known vulnerabilities.
Greatly reduce the cost of an assessment by allowing a researcher/attacker to focus on a specific context.
Most relevant:
Broadcast Protocols: status information.
Banners: messages on connect.
Errors: errors provided on illegal access.
Accounts: information about the existence of a user account.
Web page sources: information in web pages.
Supporting Files: information in other files available.
Event Timing: the time an event takes.
Cookies: cookies provided to clients.
Last updated