...
spec:
containers:
- command:
- kube-controller-manager
- --authentication-kubeconfig=/etc/kubernetes/controller-manager.conf
- --authorization-kubeconfig=/etc/kubernetes/controller-manager.conf
image: example.domain/kube-controller-manager:v1.9.7
imagePullPolicy: IfNotPresent
...
...
spec:
containers:
- command:
- kube-scheduler
image: example.domain/kube-scheduler:v1.5.2
imagePullPolicy: IfNotPresent
...
--audit-policy-file
flag.
...
spec:
containers:
- command:
- kube-apiserver
- --audit-log-path=<the log file path>
image: example.domain/kube-apiserver-amd64:v1.6.0
...
--auto-tls
flag to true
. As a result, the etcd instance uses self-signed certificates for TLS connections with clients.
...
spec:
containers:
- command:
...
- etcd
...
- --auto-tls=true
...
tlsCertFile
and tlsPrivateKeyFile
fields in a Kubelet configuration define the x509 certificate used to serve HTTPS. By failing to provide both of them, a self-signed certificate and key are generated for the public address, which is susceptible to a man-in-the-middle attack.tlsCertFile
and tlsPrivateKeyFile
fields so the Kubelet automatically generates a self-signed certificate for TLS connections.
apiVersion: kubelet.config.k8s.io/v1beta1
kind: KubeletConfiguration
security
requirements and target servers
definitions for an API operation will always override the respective global settings. security
requirements and target servers
definitions for an API operation will always override the respective global settings. security
definition.security
definition might enable attackers to interact with sensitive API endpoints and allow them to perform operations that should be restricted to specific user accounts with specific privileges.security
definition. APIs that implement this specification might be vulnerable to unauthorized or unauthenticated access to sensitive operations.
{
"openapi" : "3.0.3",
"info" : {
"title" : "My API",
"version" : "1.0.0"
},
"servers" : [ {
"url" : "/"
} ],
"security" : [],
...
}
security
definition.security
definition might enable attackers to interact with sensitive API endpoints and allow them to perform operations that should be restricted to specific user accounts with specific privileges.security
definition. APIs that implement this specification might be vulnerable to unauthorized or unauthenticated access to sensitive operations.
openapi: 3.0.3
info:
title: My API
version: 1.0.0
security:
security
definition for an API operation.security
definition might enable attackers to interact with sensitive API endpoints and allow them to perform actions that should be restricted to specific user accounts with explicit privileges.security
definition for a sensitive operation. This overrides globally defined security requirements and renders the createUsers
operation vulnerable to unauthorized and unauthenticated access.
{
"openapi": "3.0.0",
"info": {
...
},
"paths": {
"/users": {
"post": {
"security": [],
"summary": "Create a user",
"operationId": "createUsers",
...
}
...
}
}
security
definition for an API operation.security
definition might enable attackers to interact with sensitive API endpoints and allow them to perform actions that should be restricted to specific user accounts with explicit privileges.security
definition for a sensitive operation. This overrides globally defined security requirements and renders the createUsers
operation vulnerable to unauthorized and unauthenticated access.
openapi: 3.0.0
info:
...
paths:
/users:
post:
operationId: createUsers
security: []
responses:
'201':
...
security
definition.security
definition might enable attackers to interact with sensitive API endpoints and allow them to perform operations that should be restricted to specific user accounts with specific privileges.security
definition. APIs that implement this specification might be vulnerable to unauthorized or unauthenticated access to sensitive operations.
{
"openapi" : "3.0.3",
"info" : {
"title" : "My API",
"version" : "1.0.0"
},
"servers" : [ {
"url" : "https://example.org"
} ],
...
}
security
definition.security
definition might enable attackers to interact with sensitive API endpoints and allow them to perform operations that should be restricted to specific user accounts with specific privileges.security
definition. APIs that implement this specification might be vulnerable to unauthorized or unauthenticated access to sensitive operations.
openapi: 3.0.3
info:
title: My API
version: 1.0.0
...
security
definition for an API operation.security
definition might enable attackers to interact with sensitive API endpoints and allow them to perform actions that should be restricted to specific user accounts with explicit privileges.security
definition for a sensitive operation. Additionally, without a global security
definition, the createUsers
operation is vulnerable to unauthorized and unauthenticated access.
{
"openapi": "3.0.0",
"info": {
...
},
"paths": {
"/users": {
"post": {
"summary": "Create a user",
"operationId": "createUsers",
...
}
...
}
}
security
definition for an API operation.security
definition might enable attackers to interact with sensitive API endpoints and allow them to perform actions that should be restricted to specific user accounts with explicit privileges.security
definition for a sensitive operation. Additionally, without a global security
definition, the createUsers
operation is vulnerable to unauthorized and unauthenticated access.
openapi: 3.0.0
info:
...
paths:
/users:
post:
operationId: createUsers
responses:
'201':
...
securitySchemes
definition.securitySchemes
definition specifies the security mechanisms that may be used globally or by specific API operations.securitySchemes
definition is typically specified under the reusable components
object and is referenced globally or by specific operations to dictate security requirements for interaction.securitySchemes
definition.
{
"openapi" : "3.0.3",
"info" : {
"title" : "My API",
"version" : "1.0.0"
},
"components": {
"schemas": {
"GeneralError": {
"type": "object",
"properties": {
...
}
}
}
securitySchemes
definition.securitySchemes
definition specifies the security mechanisms that may be used globally or by specific API operations.securitySchemes
definition is typically specified under the reusable components
object and is referenced globally or by specific operations to dictate security requirements for interaction.securitySchemes
definition.
openapi: 3.0.3
info:
title: My API
version: 1.0.0
components:
schemas:
GeneralError:
type: object
properties:
...
security
definition might enable attackers to interact with sensitive API endpoints and allow them to perform operations that should be restricted to specific user accounts with specific privileges.security
definition with optional security via the empty {}
item. APIs that implement this specification might be vulnerable to unauthorized or unauthenticated access to sensitive operations.
{
"openapi" : "3.0.3",
"info" : {
"title" : "My API",
"version" : "1.0.0"
},
"servers" : [ {
"url" : "/"
} ],
"security" : [ {}, { "oauth_auth" : ["write","read" ]} ],
...
}
security
definition might enable attackers to interact with sensitive API endpoints and allow them to perform operations that should be restricted to specific user accounts with specific privileges.security
definition with optional security via the empty {}
item. APIs that implement this specification might be vulnerable to unauthorized or unauthenticated access to sensitive operations.
openapi: 3.0.3
info:
title: My API
version: 1.0.0
security:
- {}
- oauth_auth:
- write:users
- read:users
{}
in the security
definition for a sensitive operation. This overrides globally defined security requirements and renders the createUsers
operation vulnerable to unauthorized and unauthenticated access.
{
"openapi": "3.0.0",
"info": {
...
},
"paths": {
"/users": {
"post": {
"security": [
{},
{
"my_auth": [
"write:users"
]
}
],
"summary": "Create a user",
"operationId": "createUsers",
...
}
...
}
}
{}
in the security
definition for a sensitive operation. This overrides globally defined security requirements and renders the createUsers
operation vulnerable to unauthorized and unauthenticated access.
openapi: 3.0.0
info:
...
paths:
/users:
post:
operationId: createUsers
security:
- {}
- oauth_auth:
- write:users
- read:users
responses:
'201':
...
...
password = ''.
...
...
URLRequestDefaults.setLoginCredentialsForHost(hostname, "scott", "");
...
Example 1
indicates that the user account "scott" is configured with an empty password, which an attacker can easily guess. After the program ships, updating the account to use a non-empty password will require a code change.
...
var storedPassword:String = "";
var temp:String;
if ((temp = readPassword()) != null) {
storedPassword = temp;
}
if(storedPassword.equals(userPassword))
// Access protected resources
...
}
...
readPassword()
fails to retrieve the stored password due to a database error or another problem, then an attacker could trivially bypass the password check by providing an empty string for userPassword
.
...
HttpRequest req = new HttpRequest();
req.setClientCertificate('mycert', '');
...
...
NetworkCredential netCred = new NetworkCredential("scott", "", domain);
...
Example 1
succeeds, it indicates that the network credential login "scott" is configured with an empty password, which an attacker can easily guess. After the program ships, updating the account to use a non-empty password will require a code change.
...
string storedPassword = "";
string temp;
if ((temp = ReadPassword(storedPassword)) != null) {
storedPassword = temp;
}
if(storedPassword.Equals(userPassword))
// Access protected resources
...
}
...
readPassword()
fails to retrieve the stored password due to a database error or another problem, then an attacker could trivially bypass the password check by providing an empty string for userPassword
.
...
rc = SQLConnect(*hdbc, server, SQL_NTS, "scott", SQL_NTS, "", SQL_NTS);
...
Example 1
succeeds, it indicates that the database user account "scott" is configured with an empty password, which an attacker can easily guess. After the program ships, updating the account to use a non-empty password will require a code change.
...
char *stored_password = "";
readPassword(stored_password);
if(safe_strcmp(stored_password, user_password))
// Access protected resources
...
}
...
readPassword()
fails to retrieve the stored password due to a database error or another problem, then an attacker could trivially bypass the password check by providing an empty string for user_password
.
...
<cfquery name = "GetSSNs" dataSource = "users"
username = "scott" password = "">
SELECT SSN
FROM Users
</cfquery>
...
Example 1
succeeds, it indicates that the database user account "scott" is configured with an empty password, which an attacker can easily guess. After the program ships, updating the account to use a non-empty password will require a code change.
...
var password = "";
var temp;
if ((temp = readPassword()) != null) {
password = temp;
}
if(password == userPassword()) {
// Access protected resources
...
}
...
readPassword()
fails to retrieve the stored password due to a database error or another problem, then an attacker could trivially bypass the password check by providing an empty string for userPassword
.
...
response.SetBasicAuth(usrName, "")
...
...
DriverManager.getConnection(url, "scott", "");
...
Example 1
succeeds, it indicates that the database user account "scott" is configured with an empty password, which an attacker can easily guess. After the program ships, updating the account to use a non-empty password will require a code change.
...
String storedPassword = "";
String temp;
if ((temp = readPassword()) != null) {
storedPassword = temp;
}
if(storedPassword.equals(userPassword))
// Access protected resources
...
}
...
readPassword()
fails to retrieve the stored password due to a database error or another problem, then an attacker could trivially bypass the password check by providing an empty string for userPassword
.
...
webview.setWebViewClient(new WebViewClient() {
public void onReceivedHttpAuthRequest(WebView view,
HttpAuthHandler handler, String host, String realm) {
String username = "";
String password = "";
if (handler.useHttpAuthUsernamePassword()) {
String[] credentials = view.getHttpAuthUsernamePassword(host, realm);
username = credentials[0];
password = credentials[1];
}
handler.proceed(username, password);
}
});
...
Example 2
, if useHttpAuthUsernamePassword()
returns false
, an attacker will be able to view protected pages by supplying an empty password.
...
obj = new XMLHttpRequest();
obj.open('GET','/fetchusers.jsp?id='+form.id.value,'true','scott','');
...
{
...
"password" : ""
...
}
...
rc = SQLConnect(*hdbc, server, SQL_NTS, "scott", SQL_NTS, "", SQL_NTS);
...
Example 1
succeeds, it indicates that the database user account "scott" is configured with an empty password, which an attacker can easily guess. After the program ships, updating the account to use a non-empty password will require a code change.
...
NSString *stored_password = "";
readPassword(stored_password);
if(safe_strcmp(stored_password, user_password)) {
// Access protected resources
...
}
...
readPassword()
fails to retrieve the stored password due to a database error or another problem, then an attacker could trivially bypass the password check by providing an empty string for user_password
.
<?php
...
$connection = mysql_connect($host, 'scott', '');
...
?>
DECLARE
password VARCHAR(20);
BEGIN
password := "";
END;
...
db = mysql.connect("localhost","scott","","mydb")
...
...
conn = Mysql.new(database_host, "scott", "", databasename);
...
Example 1
succeeds, it indicates that the database user account "scott" is configured with an empty password, which an attacker can easily guess. After the program ships, updating the account to use a non-empty password will require a code change.""
as a default value when none is specified. In this case you also need to make sure that the correct number of arguments are specified in order to make sure a password is passed to the function.
...
ws.url(url).withAuth("john", "", WSAuthScheme.BASIC)
...
...
let password = ""
let username = "scott"
let con = DBConnect(username, password)
...
Example 1
succeeds, it indicates that the database user account "scott" is configured with an empty password, which an attacker can easily guess. After the program ships, updating the account to use a non-empty password will require a code change.
...
var stored_password = ""
readPassword(stored_password)
if(stored_password == user_password) {
// Access protected resources
...
}
...
readPassword()
fails to retrieve the stored password due to a database error or another problem, then an attacker could trivially bypass the password check by providing an empty string for user_password
.
...
Dim con As New ADODB.Connection
Dim cmd As New ADODB.Command
Dim rst As New ADODB.Recordset
con.ConnectionString = "Driver={Microsoft ODBC for Oracle};Server=OracleServer.world;Uid=scott;Passwd=;"
...
Example 1
succeeds, it indicates that the database user account "scott" is configured with an empty password, which an attacker can easily guess. After the program ships, updating the account to use a non-empty password will require a code change.
...
password = 'tiger'.
...
...
URLRequestDefaults.setLoginCredentialsForHost(hostname, "scott", "tiger");
...
...
HttpRequest req = new HttpRequest();
req.setClientCertificate('mycert', 'tiger');
...
...
NetworkCredential netCred =
new NetworkCredential("scott", "tiger", domain);
...
...
rc = SQLConnect(*hdbc, server, SQL_NTS, "scott",
SQL_NTS, "tiger", SQL_NTS);
...
...
MOVE "scott" TO UID.
MOVE "tiger" TO PASSWORD.
EXEC SQL
CONNECT :UID
IDENTIFIED BY :PASSWORD
AT :MYCONN
USING :MYSERVER
END-EXEC.
...
...
<cfquery name = "GetSSNs" dataSource = "users"
username = "scott" password = "tiger">
SELECT SSN
FROM Users
</cfquery>
...
...
var password = "foobarbaz";
...
javap -c
command to access the disassembled code, which will contain the values of the passwords used. The result of this operation might look something like the following for Example 1
:
javap -c ConnMngr.class
22: ldc #36; //String jdbc:mysql://ixne.com/rxsql
24: ldc #38; //String scott
26: ldc #17; //String tiger
password := "letmein"
...
response.SetBasicAuth(usrName, password)
...
DriverManager.getConnection(url, "scott", "tiger");
...
javap -c
command to access the disassembled code, which will contain the values of the passwords used. The result of this operation might look something like the following for Example 1
:
javap -c ConnMngr.class
22: ldc #36; //String jdbc:mysql://ixne.com/rxsql
24: ldc #38; //String scott
26: ldc #17; //String tiger
...
webview.setWebViewClient(new WebViewClient() {
public void onReceivedHttpAuthRequest(WebView view,
HttpAuthHandler handler, String host, String realm) {
handler.proceed("guest", "allow");
}
});
...
Example 1
, this code will run successfully, but anyone who has access to it will have access to the password.
...
obj = new XMLHttpRequest();
obj.open('GET','/fetchusers.jsp?id='+form.id.value,'true','scott','tiger');
...
...
{
"username":"scott"
"password":"tiger"
}
...
...
DriverManager.getConnection(url, "scott", "tiger")
...
javap -c
command to access the disassembled code, which will contain the values of the passwords used. The result of this operation might look something like the following for Example 1
:
javap -c ConnMngr.class
22: ldc #36; //String jdbc:mysql://ixne.com/rxsql
24: ldc #38; //String scott
26: ldc #17; //String tiger
...
webview.webViewClient = object : WebViewClient() {
override fun onReceivedHttpAuthRequest( view: WebView,
handler: HttpAuthHandler, host: String, realm: String
) {
handler.proceed("guest", "allow")
}
}
...
Example 1
, this code will run successfully, but anyone who has access to it will have access to the password.
...
rc = SQLConnect(*hdbc, server, SQL_NTS, "scott",
SQL_NTS, "tiger", SQL_NTS);
...
...
$link = mysql_connect($url, 'scott', 'tiger');
if (!$link) {
die('Could not connect: ' . mysql_error());
}
...
DECLARE
password VARCHAR(20);
BEGIN
password := "tiger";
END;
password = "tiger"
...
response.writeln("Password:" + password)
...
Mysql.new(URI(hostname, 'scott', 'tiger', databasename)
...
...
ws.url(url).withAuth("john", "secret", WSAuthScheme.BASIC)
...
javap -c
command to access the disassembled code, which will contain the values of the passwords used. The result of this operation might look something such as the following for Example 1
:
javap -c MyController.class
24: ldc #38; //String john
26: ldc #17; //String secret
...
let password = "secret"
let username = "scott"
let con = DBConnect(username, password)
...
...
https://user:secretpassword@example.com
...
...
Dim con As New ADODB.Connection
Dim cmd As New ADODB.Command
Dim rst As New ADODB.Recordset
con.ConnectionString = "Driver={Microsoft ODBC for Oracle};Server=OracleServer.world;Uid=scott;Passwd=tiger;"
...
...
credential_settings:
username: scott
password: tiger
...
Null
passwords can compromise security.null
to password variables is never a good idea as it may allow attackers to bypass password verification or might indicate that resources are protected by an empty password.null
, attempts to read a stored value for the password, and compares it against a user-supplied value.
...
var storedPassword:String = null;
var temp:String;
if ((temp = readPassword()) != null) {
storedPassword = temp;
}
if(Utils.verifyPassword(userPassword, storedPassword))
// Access protected resources
...
}
...
readPassword()
fails to retrieve the stored password due to a database error or another problem, then an attacker could trivially bypass the password check by providing a null
value for userPassword
.null
to password variables is never a good idea as it might enable attackers to bypass password verification or might indicate that resources are protected by an empty password.null
, attempts to read a stored value for the password, and compares it against a user-supplied value.
...
string storedPassword = null;
string temp;
if ((temp = ReadPassword(storedPassword)) != null) {
storedPassword = temp;
}
if (Utils.VerifyPassword(storedPassword, userPassword)) {
// Access protected resources
...
}
...
ReadPassword()
fails to retrieve the stored password due to a database error or other problem, then an attacker can easily bypass the password check by providing a null
value for userPassword
.null
to password variables is never a good idea as it may allow attackers to bypass password verification or might indicate that resources are protected by an empty password.null
, attempts to read a stored value for the password, and compares it against a user-supplied value.
...
string storedPassword = null;
string temp;
if ((temp = ReadPassword(storedPassword)) != null) {
storedPassword = temp;
}
if(Utils.VerifyPassword(storedPassword, userPassword))
// Access protected resources
...
}
...
ReadPassword()
fails to retrieve the stored password due to a database error or another problem, then an attacker could trivially bypass the password check by providing a null
value for userPassword
.null
to password variables is never a good idea as it may allow attackers to bypass password verification or might indicate that resources are protected by an empty password.null
, attempts to read a stored value for the password, and compares it against a user-supplied value.
...
char *stored_password = NULL;
readPassword(stored_password);
if(safe_strcmp(stored_password, user_password))
// Access protected resources
...
}
...
readPassword()
fails to retrieve the stored password due to a database error or another problem, then an attacker could trivially bypass the password check by providing a null
value for user_password
.null
to password variables is never a good idea as it might enable attackers to bypass password verification or it might indicate that resources are protected by an empty password.null
to password variables is a bad idea because it can allow attackers to bypass password verification or might indicate that resources are protected by an empty password.null
, attempts to read a stored value for the password, and compares it against a user-supplied value.
...
String storedPassword = null;
String temp;
if ((temp = readPassword()) != null) {
storedPassword = temp;
}
if(Utils.verifyPassword(userPassword, storedPassword))
// Access protected resources
...
}
...
readPassword()
fails to retrieve the stored password due to a database error or another problem, then an attacker could trivially bypass the password check by providing a null
value for userPassword
.null
, reads credentials from an Android WebView store if they have not been previously rejected by the server for the current request, and uses them to setup authentication for viewing protected pages.
...
webview.setWebViewClient(new WebViewClient() {
public void onReceivedHttpAuthRequest(WebView view,
HttpAuthHandler handler, String host, String realm) {
String username = null;
String password = null;
if (handler.useHttpAuthUsernamePassword()) {
String[] credentials = view.getHttpAuthUsernamePassword(host, realm);
username = credentials[0];
password = credentials[1];
}
handler.proceed(username, password);
}
});
...
Example 1
, if useHttpAuthUsernamePassword()
returns false
, an attacker will be able to view protected pages by supplying a null
password.null
password.null
:
...
var password=null;
...
{
password=getPassword(user_data);
...
}
...
if(password==null){
// Assumption that the get didn't work
...
}
...
null
to password variables because it might enable attackers to bypass password verification or indicate that resources are not protected by a password.null
password.
{
...
"password" : null
...
}
null
password. Null
passwords can compromise security.null
to password variables is never a good idea as it may allow attackers to bypass password verification or might indicate that resources are protected by an empty password.null
, attempts to read a stored value for the password, and compares it against a user-supplied value.
...
NSString *stored_password = NULL;
readPassword(stored_password);
if(safe_strcmp(stored_password, user_password)) {
// Access protected resources
...
}
...
readPassword()
fails to retrieve the stored password due to a database error or another problem, then an attacker could trivially bypass the password check by providing a null
value for user_password
.null
to password variables is never a good idea as it may allow attackers to bypass password verification or might indicate that resources are protected by an empty password.null
, attempts to read a stored value for the password, and compares it against a user-supplied value.
<?php
...
$storedPassword = NULL;
if (($temp = getPassword()) != NULL) {
$storedPassword = $temp;
}
if(strcmp($storedPassword,$userPassword) == 0) {
// Access protected resources
...
}
...
?>
readPassword()
fails to retrieve the stored password due to a database error or another problem, then an attacker could trivially bypass the password check by providing a null
value for userPassword
.null
to password variables is never a good idea as it may allow attackers to bypass password verification or might indicate that resources are protected by an empty password.null
.
DECLARE
password VARCHAR(20);
BEGIN
password := null;
END;
null
to password variables is never a good idea as it may allow attackers to bypass password verification or might indicate that resources are protected by an empty password.null
, attempts to read a stored value for the password, and compares it against a user-supplied value.
...
storedPassword = NULL;
temp = getPassword()
if (temp is not None) {
storedPassword = temp;
}
if(storedPassword == userPassword) {
// Access protected resources
...
}
...
getPassword()
fails to retrieve the stored password due to a database error or another problem, then an attacker could trivially bypass the password check by providing a null
value for userPassword
.nil
to password variables is never a good idea as it may allow attackers to bypass password verification or might indicate that resources are protected by an empty password.nil
, attempts to read a stored value for the password, and compares it against a user-supplied value.
...
@storedPassword = nil
temp = readPassword()
storedPassword = temp unless temp.nil?
unless Utils.passwordVerified?(@userPassword, @storedPassword)
...
end
...
readPassword()
fails to retrieve the stored password due to a database error or another problem, then an attacker could trivially bypass the password check by providing a null
value for @userPassword
.nil
as a default value when none is specified. In this case you also need to make sure that the correct number of arguments are specified in order to make sure a password is passed to the function.null
to password variables is a bad idea because it can allow attackers to bypass password verification or might indicate that resources are protected by an empty password.null
, attempts to read a stored value for the password, and compares it against a user-supplied value.
...
ws.url(url).withAuth("john", null, WSAuthScheme.BASIC)
...
null
password. Null
passwords can compromise security.nil
to password variables is never a good idea as it may allow attackers to bypass password verification or might indicate that resources are protected by an empty password.null
, attempts to read a stored value for the password, and compares it against a user-supplied value.
...
var stored_password = nil
readPassword(stored_password)
if(stored_password == user_password) {
// Access protected resources
...
}
...
readPassword()
fails to retrieve the stored password due to a database error or another problem, then an attacker could trivially bypass the password check by providing a null
value for user_password
.null
to password variables is never a good idea as it may allow attackers to bypass password verification or might indicate that resources are protected by an empty password.null
and uses it to connect to a database.
...
Dim storedPassword As String
Set storedPassword = vbNullString
Dim con As New ADODB.Connection
Dim cmd As New ADODB.Command
Dim rst As New ADODB.Recordset
con.ConnectionString = "Driver={Microsoft ODBC for Oracle};Server=OracleServer.world;Uid=scott;Passwd=" & storedPassword &";"
...
Example 1
succeeds, it indicates that the database user account "scott" is configured with an empty password, which an attacker can easily guess. After the program ships, updating the account to use a non-empty password will require a code change.