MEDIUM

Because of this some data might be transferred without encryption.

information leak ·

The page includes mixed content, that is content accessed via HTTP instead of HTTPS.

This sensitive data is available only for logged in customers. To see detailed security information please create a free account and log in.

Because of this hackers could simply access your system by trying all existing password combinations.

sloppy coding · site takeover ·

HTTP basic or digest authentication has been used over an unsecured connection. The credentials can be read and then reused by someone with access to the network.

This sensitive data is available only for logged in customers. To see detailed security information please create a free account and log in.

By ignoring this a user of your website could have their accounts completely taken over by clicking on a malicious link and doing nothing else

bypass security ·

"In a Cross-site request forgery (CSRF) attack, an innocent end user is tricked by an attacker into submitting a web request that they did not intend. This may cause actions to be performed on the website that can include client or server data leakage, change of session state, or manipulation of an end user's account. A cross-site request forgery (CSRF) ( often pronounces sea surf) Without Anti-CSRF (often pronounces sea surf) tokens a malicious site may be able to completely take over your users account. Actions that the malicious site may be able to do can include changing the password or email address of the user, making a purchase or any other user controllable action. This attack can ba launched when a user clicks on a malicious link while logged in to your website in the same web browser."

No Anti-CSRF tokens were found in a HTML submission form.A cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge or intent in order to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. Like XSS, CSRF attacks are not necessarily cross-site, but they can be. Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.CSRF attacks are effective in a number of situations, including: * The victim has an active session on the target site. * The victim is authenticated via HTTP auth on the target site. * The victim is on the same local network as the target site.CSRF has primarily been used to perform an action against a target site using the victim's privileges, but recent techniques have been discovered to disclose information by gaining access to the response. The risk of information disclosure is dramatically increased when the target site is vulnerable to XSS, because XSS can be used as a platform for CSRF, allowing the attack to operate within the bounds of the same-origin policy.

This sensitive data is available only for logged in customers. To see detailed security information please create a free account and log in.

"Both Netflix and YouTube were susceptible to CSRF attacks in their early years. In both cases this allowed any attacker to perform nearly all actions of any user - change account information, user details or even fully compromise the account. In 2019 Facebook awarded $25 000 to a security expert who discovered a CSRF vulnerability in their system. According to the researcher, the exploit could have been used to immediately take over user's Facebook account the moment they clicked on a malicious link while logged into Facebook in the same browser."

Some parts of code produce errors and these errors are visible.

information disclosure · hacker aid · information leak ·

Sometimes errors in code are visible to the user. And sometimes these errors give out data about system architecture. While not directly dangerous on its own, this vulnerability can help a hacker to plan and execute an attack. Please be aware that this vulnerability can also be a false positive, if found on a documentation page.

This page contains an error/warning message that may disclose sensitive information like the location of the file that produced the unhandled exception. This information can be used to launch further attacks against the web application. The alert could be a false positive if the error message is found inside a documentation page.

This sensitive data is available only for logged in customers. To see detailed security information please create a free account and log in.

Most customers find error messages on websites very disturbing. Please address this issue immediately. Fixing this can make a huge difference in customer experience and can save you money.

script-src includes unsafe-inline.

This sensitive data is available only for logged in customers. To see detailed security information please create a free account and log in.

The source code of the tested site contains comments which may contain sensitive data. Like parts of code, url-s or program logic. This could give valuable hints to the potential attacker.

information disclosure ·

An attacker who finds these comments can map the application's structure and files, expose hidden parts of the site, and study the fragments of code to reverse engineer the application, which may help develop further attacks against the site.

The response appears to contain suspicious comments which may help an attacker.

This sensitive data is available only for logged in customers. To see detailed security information please create a free account and log in.

Comments in code are not dangerous themselves. But if a comment gives an attacker hints about system architecture, SQL injections can soon follow. For Yahoo, this caused the loss of 450,000 login credentials back in 2012.

The following potential IP addresses were found being serialized in the viewstate field:

This sensitive data is available only for logged in customers. To see detailed security information please create a free account and log in.

Because of this an attacker could alter the content on your website.

content manipulation · sloppy coding ·

To display the text on a page correctly, a browser must know the character set used in the page. It seems that the page header declares a charset different from the charset defined by the body of the page. Therefore, an attacker could manipulate content on the page to be interpreted in an encoding of their choice. For example, if an attacker can control content at the beginning of the page, they could inject script using wrongly encoded text and manipulate some browsers into showing that text.

This sensitive data is available only for logged in customers. To see detailed security information please create a free account and log in.

The generic replacement character ("�") is a very visible sign of a charset mismatch.

This check identifies responses where the HTTP Content-Type header declares a charset different from the charset defined by the body of the HTML or XML. When there's a charset mismatch between the HTTP header and content body Web browsers can be forced into an undesirable content-sniffing mode to determine the content's correct character set.An attacker could manipulate content on the page to be interpreted in an encoding of their choice. For example, if an attacker can control content at the beginning of the page, they could inject script using UTF-7 encoded text and manipulate some browsers into interpreting that text.

This sensitive data is available only for logged in customers. To see detailed security information please create a free account and log in.

impersonate users ·

A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. If this is a session cookie then session hijacking may be possible.

This sensitive data is available only for logged in customers. To see detailed security information please create a free account and log in.

Because of this your stored user preferences could leak to other websites and vice versa.

bypass security · information leak · forgery · CSRF ·

Same-site cookies allow servers to mitigate the risk of CSRF and information leakage attacks by asserting that a particular cookie should only be sent with requests initiated from the same registrable domain.

A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.

This sensitive data is available only for logged in customers. To see detailed security information please create a free account and log in.

Because of this customers accessing your site from insecure or public networks can lose their login details.

bypass security · impersonate users · eavesdropping ·

If your important site cookies are transmitted unencrypted, someone could steal them. By stealing an unencrypted session cookie an attacker could just log in as the user. This could easily happen in public WiFi networks.

A cookie has been set without the secure flag, which means that the cookie can be accessed via unencrypted connections.

This sensitive data is available only for logged in customers. To see detailed security information please create a free account and log in.

Eavesdropping is the act of secretly or stealthily listening to the private conversation or communications of others without their consent. This type of network attack is generally one of the most effective ones.

This could help hackers collect data about your system and better plan an attack.

information disclosure · hacker aid · sloppy coding ·

It seems that part of the site is still running in development mode and is leaking data. Debug error messages are important for the webmaster but should be turned off for production sites.

The response appeared to contain common error messages returned by platforms such as ASP.NET, and Web-servers such as IIS and Apache. You can configure the list of common debug messages.

This sensitive data is available only for logged in customers. To see detailed security information please create a free account and log in.

Some of today's systems have incredibly powerful debugging options built in. And these messages can reveal a vast amount of information about the system architecture. Sometimes developers just forget to switch “debug mode” off.

Because of this someone could log in pretending to be your real user.

information leak ·

Let's say your user logs into your webpage. They find a particularly interesting topic, and copy & paste the URL into an instant message to their friend. Unless the webmaster has taken steps to ensure that there's some form of validation on the session ID, the friend that clicked that link may inherit login access, and then would be able to do anything a user can do, as the user.

A hyperlink pointing to another host name was found. As session ID URL rewrite is used, it may be disclosed in referer header to external hosts.

This sensitive data is available only for logged in customers. To see detailed security information please create a free account and log in.

Because of this not all data website traffic is encrypted and information the user enters into the webpage can be leaked.

information leak ·

Mixed content occurs when initial HTML is loaded over a secure HTTPS connection, but other resources (such as images, videos, stylesheets, scripts) are loaded over an insecure HTTP connection.

The page includes mixed content, that is content accessed via HTTP instead of HTTPS.

This sensitive data is available only for logged in customers. To see detailed security information please create a free account and log in.

The web/application server is leaking information via one or more 'X-Powered-By' HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.

This sensitive data is available only for logged in customers. To see detailed security information please create a free account and log in.

information leak ·

URL rewrite is used to track user session ID. The session ID may be disclosed via cross-site referer header. In addition, the session ID might be stored in browser history or server logs.

This sensitive data is available only for logged in customers. To see detailed security information please create a free account and log in.

Cookies can be scoped by domain or path. This check is only concerned with domain scope.The domain scope applied to a cookie determines which domains can access it. For example, a cookie can be scoped strictly to a subdomain e.g. www.nottrusted.com, or loosely scoped to a parent domain e.g. nottrusted.com. In the latter case, any subdomain of nottrusted.com can access the cookie. Loosely scoped cookies are common in mega-applications like google.com and live.com. Cookies set from a subdomain like app.foo.bar are transmitted only to that domain by the browser. However, cookies scoped to a parent-level domain may be transmitted to the parent, or any subdomain of the parent.

This sensitive data is available only for logged in customers. To see detailed security information please create a free account and log in.

Because of this some essential parts of the sites code come from third-parties and are therefore not fully under the administrators control. If these sources get hacked or change their behavior you and your customers are at risk.

information leak · forgery · information theft ·

For example, your third-party code provider may suddenly decide they want to collect data from end-users of their script, and this data might include cookies, and HTML5 storage data. By including the script on their domain you are allowing them to make these changes without agreement from you.

The page includes one or more script files from a third-party domain.

This sensitive data is available only for logged in customers. To see detailed security information please create a free account and log in.

Info Items:1:75: A draft of the next version of CSP deprecates report-uri in favour of a new report-to directive.

This sensitive data is available only for logged in customers. To see detailed security information please create a free account and log in.