...
spec:
containers:
- command:
- kube-controller-manager
- --authentication-kubeconfig=/etc/kubernetes/controller-manager.conf
- --authorization-kubeconfig=/etc/kubernetes/controller-manager.conf
image: example.domain/kube-controller-manager:v1.9.7
imagePullPolicy: IfNotPresent
...
...
spec:
containers:
- command:
- kube-scheduler
image: example.domain/kube-scheduler:v1.5.2
imagePullPolicy: IfNotPresent
...
--audit-policy-file flag.
...
spec:
containers:
- command:
- kube-apiserver
- --audit-log-path=<the log file path>
image: example.domain/kube-apiserver-amd64:v1.6.0
...
--auto-tls flag to true. As a result, the etcd instance uses self-signed certificates for TLS connections with clients.
...
spec:
containers:
- command:
...
- etcd
...
- --auto-tls=true
...
tlsCertFile and tlsPrivateKeyFile fields in a Kubelet configuration define the x509 certificate used to serve HTTPS. By failing to provide both of them, a self-signed certificate and key are generated for the public address, which is susceptible to a man-in-the-middle attack.tlsCertFile and tlsPrivateKeyFile fields so the Kubelet automatically generates a self-signed certificate for TLS connections.
apiVersion: kubelet.config.k8s.io/v1beta1
kind: KubeletConfiguration
security requirements and target servers definitions for an API operation will always override the respective global settings. security requirements and target servers definitions for an API operation will always override the respective global settings. security definition.security definition might enable attackers to interact with sensitive API endpoints and allow them to perform operations that should be restricted to specific user accounts with specific privileges.security definition. APIs that implement this specification might be vulnerable to unauthorized or unauthenticated access to sensitive operations.
{
"openapi" : "3.0.3",
"info" : {
"title" : "My API",
"version" : "1.0.0"
},
"servers" : [ {
"url" : "/"
} ],
"security" : [],
...
}
security definition.security definition might enable attackers to interact with sensitive API endpoints and allow them to perform operations that should be restricted to specific user accounts with specific privileges.security definition. APIs that implement this specification might be vulnerable to unauthorized or unauthenticated access to sensitive operations.
openapi: 3.0.3
info:
title: My API
version: 1.0.0
security:
security definition for an API operation.security definition might enable attackers to interact with sensitive API endpoints and allow them to perform actions that should be restricted to specific user accounts with explicit privileges.security definition for a sensitive operation. This overrides globally defined security requirements and renders the createUsers operation vulnerable to unauthorized and unauthenticated access.
{
"openapi": "3.0.0",
"info": {
...
},
"paths": {
"/users": {
"post": {
"security": [],
"summary": "Create a user",
"operationId": "createUsers",
...
}
...
}
}
security definition for an API operation.security definition might enable attackers to interact with sensitive API endpoints and allow them to perform actions that should be restricted to specific user accounts with explicit privileges.security definition for a sensitive operation. This overrides globally defined security requirements and renders the createUsers operation vulnerable to unauthorized and unauthenticated access.
openapi: 3.0.0
info:
...
paths:
/users:
post:
operationId: createUsers
security: []
responses:
'201':
...
security definition.security definition might enable attackers to interact with sensitive API endpoints and allow them to perform operations that should be restricted to specific user accounts with specific privileges.security definition. APIs that implement this specification might be vulnerable to unauthorized or unauthenticated access to sensitive operations.
{
"openapi" : "3.0.3",
"info" : {
"title" : "My API",
"version" : "1.0.0"
},
"servers" : [ {
"url" : "https://example.org"
} ],
...
}
security definition.security definition might enable attackers to interact with sensitive API endpoints and allow them to perform operations that should be restricted to specific user accounts with specific privileges.security definition. APIs that implement this specification might be vulnerable to unauthorized or unauthenticated access to sensitive operations.
openapi: 3.0.3
info:
title: My API
version: 1.0.0
...
security definition for an API operation.security definition might enable attackers to interact with sensitive API endpoints and allow them to perform actions that should be restricted to specific user accounts with explicit privileges.security definition for a sensitive operation. Additionally, without a global security definition, the createUsers operation is vulnerable to unauthorized and unauthenticated access.
{
"openapi": "3.0.0",
"info": {
...
},
"paths": {
"/users": {
"post": {
"summary": "Create a user",
"operationId": "createUsers",
...
}
...
}
}
security definition for an API operation.security definition might enable attackers to interact with sensitive API endpoints and allow them to perform actions that should be restricted to specific user accounts with explicit privileges.security definition for a sensitive operation. Additionally, without a global security definition, the createUsers operation is vulnerable to unauthorized and unauthenticated access.
openapi: 3.0.0
info:
...
paths:
/users:
post:
operationId: createUsers
responses:
'201':
...
securitySchemes definition.securitySchemes definition specifies the security mechanisms that may be used globally or by specific API operations.securitySchemes definition is typically specified under the reusable components object and is referenced globally or by specific operations to dictate security requirements for interaction.securitySchemes definition.
{
"openapi" : "3.0.3",
"info" : {
"title" : "My API",
"version" : "1.0.0"
},
"components": {
"schemas": {
"GeneralError": {
"type": "object",
"properties": {
...
}
}
}
securitySchemes definition.securitySchemes definition specifies the security mechanisms that may be used globally or by specific API operations.securitySchemes definition is typically specified under the reusable components object and is referenced globally or by specific operations to dictate security requirements for interaction.securitySchemes definition.
openapi: 3.0.3
info:
title: My API
version: 1.0.0
components:
schemas:
GeneralError:
type: object
properties:
...
security definition might enable attackers to interact with sensitive API endpoints and allow them to perform operations that should be restricted to specific user accounts with specific privileges.security definition with optional security via the empty {} item. APIs that implement this specification might be vulnerable to unauthorized or unauthenticated access to sensitive operations.
{
"openapi" : "3.0.3",
"info" : {
"title" : "My API",
"version" : "1.0.0"
},
"servers" : [ {
"url" : "/"
} ],
"security" : [ {}, { "oauth_auth" : ["write","read" ]} ],
...
}
security definition might enable attackers to interact with sensitive API endpoints and allow them to perform operations that should be restricted to specific user accounts with specific privileges.security definition with optional security via the empty {} item. APIs that implement this specification might be vulnerable to unauthorized or unauthenticated access to sensitive operations.
openapi: 3.0.3
info:
title: My API
version: 1.0.0
security:
- {}
- oauth_auth:
- write:users
- read:users
{} in the security definition for a sensitive operation. This overrides globally defined security requirements and renders the createUsers operation vulnerable to unauthorized and unauthenticated access.
{
"openapi": "3.0.0",
"info": {
...
},
"paths": {
"/users": {
"post": {
"security": [
{},
{
"my_auth": [
"write:users"
]
}
],
"summary": "Create a user",
"operationId": "createUsers",
...
}
...
}
}
{} in the security definition for a sensitive operation. This overrides globally defined security requirements and renders the createUsers operation vulnerable to unauthorized and unauthenticated access.
openapi: 3.0.0
info:
...
paths:
/users:
post:
operationId: createUsers
security:
- {}
- oauth_auth:
- write:users
- read:users
responses:
'201':
...
...
password = ''.
...
...
URLRequestDefaults.setLoginCredentialsForHost(hostname, "scott", "");
...
Example 1 indicates that the user account "scott" is configured with an empty password, which an attacker can easily guess. After the program ships, updating the account to use a non-empty password will require a code change.
...
var storedPassword:String = "";
var temp:String;
if ((temp = readPassword()) != null) {
storedPassword = temp;
}
if(storedPassword.equals(userPassword))
// Access protected resources
...
}
...
readPassword() fails to retrieve the stored password due to a database error or another problem, then an attacker could trivially bypass the password check by providing an empty string for userPassword.
...
HttpRequest req = new HttpRequest();
req.setClientCertificate('mycert', '');
...
...
NetworkCredential netCred = new NetworkCredential("scott", "", domain);
...
Example 1 succeeds, it indicates that the network credential login "scott" is configured with an empty password, which an attacker can easily guess. After the program ships, updating the account to use a non-empty password will require a code change.
...
string storedPassword = "";
string temp;
if ((temp = ReadPassword(storedPassword)) != null) {
storedPassword = temp;
}
if(storedPassword.Equals(userPassword))
// Access protected resources
...
}
...
readPassword() fails to retrieve the stored password due to a database error or another problem, then an attacker could trivially bypass the password check by providing an empty string for userPassword.
...
rc = SQLConnect(*hdbc, server, SQL_NTS, "scott", SQL_NTS, "", SQL_NTS);
...
Example 1 succeeds, it indicates that the database user account "scott" is configured with an empty password, which an attacker can easily guess. After the program ships, updating the account to use a non-empty password will require a code change.
...
char *stored_password = "";
readPassword(stored_password);
if(safe_strcmp(stored_password, user_password))
// Access protected resources
...
}
...
readPassword() fails to retrieve the stored password due to a database error or another problem, then an attacker could trivially bypass the password check by providing an empty string for user_password.
...
<cfquery name = "GetSSNs" dataSource = "users"
username = "scott" password = "">
SELECT SSN
FROM Users
</cfquery>
...
Example 1 succeeds, it indicates that the database user account "scott" is configured with an empty password, which an attacker can easily guess. After the program ships, updating the account to use a non-empty password will require a code change.
...
var password = "";
var temp;
if ((temp = readPassword()) != null) {
password = temp;
}
if(password == userPassword()) {
// Access protected resources
...
}
...
readPassword() fails to retrieve the stored password due to a database error or another problem, then an attacker could trivially bypass the password check by providing an empty string for userPassword.
...
response.SetBasicAuth(usrName, "")
...
...
DriverManager.getConnection(url, "scott", "");
...
Example 1 succeeds, it indicates that the database user account "scott" is configured with an empty password, which an attacker can easily guess. After the program ships, updating the account to use a non-empty password will require a code change.
...
String storedPassword = "";
String temp;
if ((temp = readPassword()) != null) {
storedPassword = temp;
}
if(storedPassword.equals(userPassword))
// Access protected resources
...
}
...
readPassword() fails to retrieve the stored password due to a database error or another problem, then an attacker could trivially bypass the password check by providing an empty string for userPassword.
...
webview.setWebViewClient(new WebViewClient() {
public void onReceivedHttpAuthRequest(WebView view,
HttpAuthHandler handler, String host, String realm) {
String username = "";
String password = "";
if (handler.useHttpAuthUsernamePassword()) {
String[] credentials = view.getHttpAuthUsernamePassword(host, realm);
username = credentials[0];
password = credentials[1];
}
handler.proceed(username, password);
}
});
...
Example 2, if useHttpAuthUsernamePassword() returns false, an attacker will be able to view protected pages by supplying an empty password.
...
obj = new XMLHttpRequest();
obj.open('GET','/fetchusers.jsp?id='+form.id.value,'true','scott','');
...
{
...
"password" : ""
...
}
...
rc = SQLConnect(*hdbc, server, SQL_NTS, "scott", SQL_NTS, "", SQL_NTS);
...
Example 1 succeeds, it indicates that the database user account "scott" is configured with an empty password, which an attacker can easily guess. After the program ships, updating the account to use a non-empty password will require a code change.
...
NSString *stored_password = "";
readPassword(stored_password);
if(safe_strcmp(stored_password, user_password)) {
// Access protected resources
...
}
...
readPassword() fails to retrieve the stored password due to a database error or another problem, then an attacker could trivially bypass the password check by providing an empty string for user_password.
<?php
...
$connection = mysql_connect($host, 'scott', '');
...
?>
DECLARE
password VARCHAR(20);
BEGIN
password := "";
END;
...
db = mysql.connect("localhost","scott","","mydb")
...
...
conn = Mysql.new(database_host, "scott", "", databasename);
...
Example 1 succeeds, it indicates that the database user account "scott" is configured with an empty password, which an attacker can easily guess. After the program ships, updating the account to use a non-empty password will require a code change."" as a default value when none is specified. In this case you also need to make sure that the correct number of arguments are specified in order to make sure a password is passed to the function.
...
ws.url(url).withAuth("john", "", WSAuthScheme.BASIC)
...
...
let password = ""
let username = "scott"
let con = DBConnect(username, password)
...
Example 1 succeeds, it indicates that the database user account "scott" is configured with an empty password, which an attacker can easily guess. After the program ships, updating the account to use a non-empty password will require a code change.
...
var stored_password = ""
readPassword(stored_password)
if(stored_password == user_password) {
// Access protected resources
...
}
...
readPassword() fails to retrieve the stored password due to a database error or another problem, then an attacker could trivially bypass the password check by providing an empty string for user_password.
...
Dim con As New ADODB.Connection
Dim cmd As New ADODB.Command
Dim rst As New ADODB.Recordset
con.ConnectionString = "Driver={Microsoft ODBC for Oracle};Server=OracleServer.world;Uid=scott;Passwd=;"
...
Example 1 succeeds, it indicates that the database user account "scott" is configured with an empty password, which an attacker can easily guess. After the program ships, updating the account to use a non-empty password will require a code change.
...
password = 'tiger'.
...
...
URLRequestDefaults.setLoginCredentialsForHost(hostname, "scott", "tiger");
...
...
HttpRequest req = new HttpRequest();
req.setClientCertificate('mycert', 'tiger');
...
...
NetworkCredential netCred =
new NetworkCredential("scott", "tiger", domain);
...
...
rc = SQLConnect(*hdbc, server, SQL_NTS, "scott",
SQL_NTS, "tiger", SQL_NTS);
...
...
MOVE "scott" TO UID.
MOVE "tiger" TO PASSWORD.
EXEC SQL
CONNECT :UID
IDENTIFIED BY :PASSWORD
AT :MYCONN
USING :MYSERVER
END-EXEC.
...
...
<cfquery name = "GetSSNs" dataSource = "users"
username = "scott" password = "tiger">
SELECT SSN
FROM Users
</cfquery>
...
...
var password = "foobarbaz";
...
javap -c command to access the disassembled code, which will contain the values of the passwords used. The result of this operation might look something like the following for Example 1:
javap -c ConnMngr.class
22: ldc #36; //String jdbc:mysql://ixne.com/rxsql
24: ldc #38; //String scott
26: ldc #17; //String tiger
password := "letmein"
...
response.SetBasicAuth(usrName, password)
...
DriverManager.getConnection(url, "scott", "tiger");
...
javap -c command to access the disassembled code, which will contain the values of the passwords used. The result of this operation might look something like the following for Example 1:
javap -c ConnMngr.class
22: ldc #36; //String jdbc:mysql://ixne.com/rxsql
24: ldc #38; //String scott
26: ldc #17; //String tiger
...
webview.setWebViewClient(new WebViewClient() {
public void onReceivedHttpAuthRequest(WebView view,
HttpAuthHandler handler, String host, String realm) {
handler.proceed("guest", "allow");
}
});
...
Example 1, this code will run successfully, but anyone who has access to it will have access to the password.
...
obj = new XMLHttpRequest();
obj.open('GET','/fetchusers.jsp?id='+form.id.value,'true','scott','tiger');
...
...
{
"username":"scott"
"password":"tiger"
}
...
...
DriverManager.getConnection(url, "scott", "tiger")
...
javap -c command to access the disassembled code, which will contain the values of the passwords used. The result of this operation might look something like the following for Example 1:
javap -c ConnMngr.class
22: ldc #36; //String jdbc:mysql://ixne.com/rxsql
24: ldc #38; //String scott
26: ldc #17; //String tiger
...
webview.webViewClient = object : WebViewClient() {
override fun onReceivedHttpAuthRequest( view: WebView,
handler: HttpAuthHandler, host: String, realm: String
) {
handler.proceed("guest", "allow")
}
}
...
Example 1, this code will run successfully, but anyone who has access to it will have access to the password.
...
rc = SQLConnect(*hdbc, server, SQL_NTS, "scott",
SQL_NTS, "tiger", SQL_NTS);
...
...
$link = mysql_connect($url, 'scott', 'tiger');
if (!$link) {
die('Could not connect: ' . mysql_error());
}
...
DECLARE
password VARCHAR(20);
BEGIN
password := "tiger";
END;
password = "tiger"
...
response.writeln("Password:" + password)
...
Mysql.new(URI(hostname, 'scott', 'tiger', databasename)
...
...
ws.url(url).withAuth("john", "secret", WSAuthScheme.BASIC)
...
javap -c command to access the disassembled code, which will contain the values of the passwords used. The result of this operation might look something such as the following for Example 1:
javap -c MyController.class
24: ldc #38; //String john
26: ldc #17; //String secret
...
let password = "secret"
let username = "scott"
let con = DBConnect(username, password)
...
...
https://user:secretpassword@example.com
...
...
Dim con As New ADODB.Connection
Dim cmd As New ADODB.Command
Dim rst As New ADODB.Recordset
con.ConnectionString = "Driver={Microsoft ODBC for Oracle};Server=OracleServer.world;Uid=scott;Passwd=tiger;"
...
...
credential_settings:
username: scott
password: tiger
...
Null passwords can compromise security.null to password variables is never a good idea as it may allow attackers to bypass password verification or might indicate that resources are protected by an empty password.null, attempts to read a stored value for the password, and compares it against a user-supplied value.
...
var storedPassword:String = null;
var temp:String;
if ((temp = readPassword()) != null) {
storedPassword = temp;
}
if(Utils.verifyPassword(userPassword, storedPassword))
// Access protected resources
...
}
...
readPassword() fails to retrieve the stored password due to a database error or another problem, then an attacker could trivially bypass the password check by providing a null value for userPassword.null to password variables is never a good idea as it might enable attackers to bypass password verification or might indicate that resources are protected by an empty password.null, attempts to read a stored value for the password, and compares it against a user-supplied value.
...
string storedPassword = null;
string temp;
if ((temp = ReadPassword(storedPassword)) != null) {
storedPassword = temp;
}
if (Utils.VerifyPassword(storedPassword, userPassword)) {
// Access protected resources
...
}
...
ReadPassword() fails to retrieve the stored password due to a database error or other problem, then an attacker can easily bypass the password check by providing a null value for userPassword.null to password variables is never a good idea as it may allow attackers to bypass password verification or might indicate that resources are protected by an empty password.null, attempts to read a stored value for the password, and compares it against a user-supplied value.
...
string storedPassword = null;
string temp;
if ((temp = ReadPassword(storedPassword)) != null) {
storedPassword = temp;
}
if(Utils.VerifyPassword(storedPassword, userPassword))
// Access protected resources
...
}
...
ReadPassword() fails to retrieve the stored password due to a database error or another problem, then an attacker could trivially bypass the password check by providing a null value for userPassword.null to password variables is never a good idea as it may allow attackers to bypass password verification or might indicate that resources are protected by an empty password.null, attempts to read a stored value for the password, and compares it against a user-supplied value.
...
char *stored_password = NULL;
readPassword(stored_password);
if(safe_strcmp(stored_password, user_password))
// Access protected resources
...
}
...
readPassword() fails to retrieve the stored password due to a database error or another problem, then an attacker could trivially bypass the password check by providing a null value for user_password.null to password variables is never a good idea as it might enable attackers to bypass password verification or it might indicate that resources are protected by an empty password.null to password variables is a bad idea because it can allow attackers to bypass password verification or might indicate that resources are protected by an empty password.null, attempts to read a stored value for the password, and compares it against a user-supplied value.
...
String storedPassword = null;
String temp;
if ((temp = readPassword()) != null) {
storedPassword = temp;
}
if(Utils.verifyPassword(userPassword, storedPassword))
// Access protected resources
...
}
...
readPassword() fails to retrieve the stored password due to a database error or another problem, then an attacker could trivially bypass the password check by providing a null value for userPassword.null, reads credentials from an Android WebView store if they have not been previously rejected by the server for the current request, and uses them to setup authentication for viewing protected pages.
...
webview.setWebViewClient(new WebViewClient() {
public void onReceivedHttpAuthRequest(WebView view,
HttpAuthHandler handler, String host, String realm) {
String username = null;
String password = null;
if (handler.useHttpAuthUsernamePassword()) {
String[] credentials = view.getHttpAuthUsernamePassword(host, realm);
username = credentials[0];
password = credentials[1];
}
handler.proceed(username, password);
}
});
...
Example 1, if useHttpAuthUsernamePassword() returns false, an attacker will be able to view protected pages by supplying a null password.null password.null:
...
var password=null;
...
{
password=getPassword(user_data);
...
}
...
if(password==null){
// Assumption that the get didn't work
...
}
...
null to password variables because it might enable attackers to bypass password verification or indicate that resources are not protected by a password.null password.
{
...
"password" : null
...
}
null password. Null passwords can compromise security.null to password variables is never a good idea as it may allow attackers to bypass password verification or might indicate that resources are protected by an empty password.null, attempts to read a stored value for the password, and compares it against a user-supplied value.
...
NSString *stored_password = NULL;
readPassword(stored_password);
if(safe_strcmp(stored_password, user_password)) {
// Access protected resources
...
}
...
readPassword() fails to retrieve the stored password due to a database error or another problem, then an attacker could trivially bypass the password check by providing a null value for user_password.null to password variables is never a good idea as it may allow attackers to bypass password verification or might indicate that resources are protected by an empty password.null, attempts to read a stored value for the password, and compares it against a user-supplied value.
<?php
...
$storedPassword = NULL;
if (($temp = getPassword()) != NULL) {
$storedPassword = $temp;
}
if(strcmp($storedPassword,$userPassword) == 0) {
// Access protected resources
...
}
...
?>
readPassword() fails to retrieve the stored password due to a database error or another problem, then an attacker could trivially bypass the password check by providing a null value for userPassword.null to password variables is never a good idea as it may allow attackers to bypass password verification or might indicate that resources are protected by an empty password.null.
DECLARE
password VARCHAR(20);
BEGIN
password := null;
END;
null to password variables is never a good idea as it may allow attackers to bypass password verification or might indicate that resources are protected by an empty password.null, attempts to read a stored value for the password, and compares it against a user-supplied value.
...
storedPassword = NULL;
temp = getPassword()
if (temp is not None) {
storedPassword = temp;
}
if(storedPassword == userPassword) {
// Access protected resources
...
}
...
getPassword() fails to retrieve the stored password due to a database error or another problem, then an attacker could trivially bypass the password check by providing a null value for userPassword.nil to password variables is never a good idea as it may allow attackers to bypass password verification or might indicate that resources are protected by an empty password.nil, attempts to read a stored value for the password, and compares it against a user-supplied value.
...
@storedPassword = nil
temp = readPassword()
storedPassword = temp unless temp.nil?
unless Utils.passwordVerified?(@userPassword, @storedPassword)
...
end
...
readPassword() fails to retrieve the stored password due to a database error or another problem, then an attacker could trivially bypass the password check by providing a null value for @userPassword.nil as a default value when none is specified. In this case you also need to make sure that the correct number of arguments are specified in order to make sure a password is passed to the function.null to password variables is a bad idea because it can allow attackers to bypass password verification or might indicate that resources are protected by an empty password.null, attempts to read a stored value for the password, and compares it against a user-supplied value.
...
ws.url(url).withAuth("john", null, WSAuthScheme.BASIC)
...
null password. Null passwords can compromise security.nil to password variables is never a good idea as it may allow attackers to bypass password verification or might indicate that resources are protected by an empty password.null, attempts to read a stored value for the password, and compares it against a user-supplied value.
...
var stored_password = nil
readPassword(stored_password)
if(stored_password == user_password) {
// Access protected resources
...
}
...
readPassword() fails to retrieve the stored password due to a database error or another problem, then an attacker could trivially bypass the password check by providing a null value for user_password.null to password variables is never a good idea as it may allow attackers to bypass password verification or might indicate that resources are protected by an empty password.null and uses it to connect to a database.
...
Dim storedPassword As String
Set storedPassword = vbNullString
Dim con As New ADODB.Connection
Dim cmd As New ADODB.Command
Dim rst As New ADODB.Recordset
con.ConnectionString = "Driver={Microsoft ODBC for Oracle};Server=OracleServer.world;Uid=scott;Passwd=" & storedPassword &";"
...
Example 1 succeeds, it indicates that the database user account "scott" is configured with an empty password, which an attacker can easily guess. After the program ships, updating the account to use a non-empty password will require a code change.