The 3 most common vulnerabilities from our vulnerability scans


On behalf of our customers, we have conducted a large number of vulnerability scans of their external IP addresses over the past year. We do this to identify possible vulnerabilities so that they can be remedied before someone unauthorized exploits them!

Even though we have helped companies of vastly different industries and sizes, we often see the same vulnerabilities recurring across them.

Because of this, we have gathered the three most common vulnerabilities that we have seen so you can check if you are protecting yourself against these vulnerabilities.

1. Encryption Configuration (Protocols and Algorithms)

We start with the most common vulnerability that we have seen in our scans.

Most often, we see an encryption configuration that still supports old and vulnerable protocols, such as SSLv2/3, together with weak algorithms such as 3DES, DES and NULL. Merely offering these protocols and ciphers is the vulnerability here, even if modern clients never negotiate them.

The risk is that an outside agent positioned between client and server ‘eavesdrops’ on the otherwise secure TLS connection and forces it down to an insecure SSL version. The agent then talks to the server over a weak SSLv2 connection, after which they can decrypt all information exchanged between server and client over time.

In general, we recommend that you disable the legacy protocols and cipher suites that should not be in use anyway.

If you run IIS (Internet Information Services), this can easily be done with tools such as IIS Crypto. On Ubuntu, it is most commonly done in the TLS configuration of your web server (Apache, nginx or whatever is available on your system). It is recommended that you find a guide that suits your setup.
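As an added example (not code from the original post or from the scanning service it describes), the following Python script shows the two halves of this recommendation: auditing what a server advertises against a deny-list of the protocols and ciphers named above, and building a hardened TLS context that no longer offers them. The `SAMPLE_OFFER` input is constructed to resemble a scan finding; the treatment of TLS 1.0/1.1 as "deprecated" and of RC4 and export-grade suites as weak goes beyond the post and follows the SSL Labs best-practice guide it links to.

```python
import ssl

# Protocol versions the post calls vulnerable, plus versions that current
# best-practice guides deprecate (assumption beyond the post's own list).
VULNERABLE_PROTOCOLS = {"SSLv2", "SSLv3"}
DEPRECATED_PROTOCOLS = {"TLSv1.0", "TLSv1.1"}

# Substrings of OpenSSL cipher-suite names that mark a weak suite.
# "DES" covers both single DES and 3DES (e.g. "DES-CBC3-SHA");
# RC4 and EXPORT are added as commonly flagged siblings (assumption).
WEAK_CIPHER_MARKERS = ("NULL", "DES", "RC4", "EXPORT")

# Constructed example of what a scan of a misconfigured host might report.
SAMPLE_OFFER = {
    "protocols": ["SSLv3", "TLSv1.0", "TLSv1.2"],
    "ciphers": ["DES-CBC3-SHA", "NULL-SHA256", "ECDHE-RSA-AES128-GCM-SHA256"],
}


def audit_offer(protocols, ciphers):
    """Return human-readable findings for a server's advertised protocols
    and cipher suites; an empty list means nothing on the deny-list is offered."""
    findings = []
    for proto in protocols:
        if proto in VULNERABLE_PROTOCOLS:
            findings.append(f"weak protocol offered: {proto}")
        elif proto in DEPRECATED_PROTOCOLS:
            findings.append(f"deprecated protocol offered: {proto}")
    for suite in ciphers:
        if any(marker in suite.upper() for marker in WEAK_CIPHER_MARKERS):
            findings.append(f"weak cipher offered: {suite}")
    return findings


def hardened_client_context():
    """Build an ssl.SSLContext that refuses anything below TLS 1.2 and only
    offers AEAD suites with forward secrecy (OpenSSL cipher-string syntax)."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!eNULL:!MD5:!3DES")
    return ctx


def hardened_cipher_names():
    """Names of the suites the hardened context would actually offer."""
    return [c["name"] for c in hardened_client_context().get_ciphers()]


if __name__ == "__main__":
    for line in audit_offer(SAMPLE_OFFER["protocols"], SAMPLE_OFFER["ciphers"]):
        print("FINDING:", line)
    # Auditing the hardened context's own cipher list should produce nothing.
    print("hardened context findings:", audit_offer([], hardened_cipher_names()))
```

The same `audit_offer` function can be pointed at the protocol and cipher lists from your own scan report to confirm a fix took effect; the hardened context is the client-side equivalent of the server settings that IIS Crypto or your web server's TLS configuration controls.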

Info on best practice for encryption can be found here:
https://www.ssllabs.com/projects/best-practices/index.html

2. Versioning (PHP5.6, old IIS / Apache, WinServ08 etc.)

Although it seems obvious, we often encounter this issue when scanning. Typically, companies do not update their websites and servers as often as they should, and this can quickly affect their security. The risk varies depending on the age and function of the service.

We recommend making it a priority to update the affected services regularly, ideally soon after updates are released.

We also recommend establishing a process for major version updates tied to the ‘end of life’ dates of the various services and products. That way, you can avoid the same problems in the future.

3. Cookie setup (Secure / httpOnly)

Finally, we often see cookie setups that could do with being strengthened on the server-side.

Specifically, the ‘Secure’ and ‘HttpOnly’ flags are missing. These flags restrict how a cookie may be transmitted and accessed.

With the ‘Secure’ flag, we ensure that a cookie is only sent over HTTPS. Without this flag, a connection can be manipulated so that a cookie containing e.g. login information is sent in clear text over HTTP instead of encrypted HTTPS.

With ‘HttpOnly’, we prevent client-side JavaScript from reading the cookie. This stops an agent from exploiting a possible XSS (Cross-Site Scripting) vulnerability to steal the cookie.

The recommendation is of course that you get both flags added to the cookies in use. On IIS, these settings are configured in web.config, but it is recommended that you find a guide that suits your setup.
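As an added example (not code from the original post), the following Python snippet does what the scan does for cookies: it parses `Set-Cookie` response headers, reports which of the two flags are missing, and shows the hardened header a server should send instead. The `SAMPLE_HEADERS` are constructed, not taken from a real customer report.

```python
from dataclasses import dataclass

# The two flags the post asks for; comparison is case-insensitive because
# browsers treat cookie attribute names case-insensitively.
REQUIRED_FLAGS = ("Secure", "HttpOnly")

# Constructed Set-Cookie header values a scanner might see in responses.
SAMPLE_HEADERS = [
    "session=abc123; Path=/",                                  # both flags missing
    "prefs=dark; Path=/; Secure",                              # HttpOnly missing
    "auth=tok; Path=/; Secure; HttpOnly; SameSite=Lax",        # correctly set
]


@dataclass
class CookieFinding:
    name: str       # cookie name from the name=value pair
    missing: list   # required flags absent from the header


def parse_set_cookie(header):
    """Split a Set-Cookie value into (cookie name, set of lower-cased attribute names).
    Flags such as Secure have no value, so only the attribute name is kept."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = set()
    for part in parts[1:]:
        key = part.split("=", 1)[0].strip().lower()
        if key:
            attrs.add(key)
    return name, attrs


def audit_cookies(headers):
    """Return one CookieFinding per header that lacks a required flag."""
    findings = []
    for header in headers:
        name, attrs = parse_set_cookie(header)
        missing = [flag for flag in REQUIRED_FLAGS if flag.lower() not in attrs]
        if missing:
            findings.append(CookieFinding(name, missing))
    return findings


def harden_set_cookie(header):
    """Append whichever of Secure/HttpOnly the header does not already carry."""
    _, attrs = parse_set_cookie(header)
    hardened = header.rstrip().rstrip(";")
    for flag in REQUIRED_FLAGS:
        if flag.lower() not in attrs:
            hardened += f"; {flag}"
    return hardened


if __name__ == "__main__":
    for finding in audit_cookies(SAMPLE_HEADERS):
        print(f"cookie {finding.name!r} is missing: {', '.join(finding.missing)}")
    for header in SAMPLE_HEADERS:
        print("hardened:", harden_set_cookie(header))
```

Run the audit against the headers your own site returns after changing web.config (or your framework's cookie settings) to confirm that every cookie now carries both flags; `Secure` only helps if the site is served over HTTPS, which ties this back to the first finding above.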

These were the 3 vulnerabilities that we encountered most often in the past year. We hope you can take these steps to keep your systems secure. If you have any questions about vulnerability scans or about your company’s IT security, you are always welcome to contact us at info@cyberpilot.io.

Want to see what a vulnerability scan report looks like?

You can fill out the form below and receive an anonymized version of a report that we have sent to one of our customers.
