Information leakage

Entities provide information enabling the discovery of known vulnerabilities.

• Greatly reduce the cost of an assessment by allowing a researcher/attacker to focus on a specific context.

Most relevant:

• Broadcast Protocols: status information.

• Banners: messages on connect.

• Errors: errors provided on illegal access.

• Accounts: information about the existence of a user account.

• Web page sources: information in web pages.

• Supporting Files: information in other files available.

• Event Timing: the time an event takes.

• Cookies: cookies provided to clients.