Comments (6)
Actually, I tend to agree with @EgiX; we probably should mark it as P5 for a consistent triaging process. Chrome fully mitigates this issue, and it'd be really hard to trick the user into writing the credentials in Firefox, given that it clearly shows testtest.com is requesting your name and password. It even shows a warning message, so this could be considered an accepted risk in my opinion, and the client should have the right to not pay for it.
Happy to hear others thoughts.
from vulnerability-rating-taxonomy.
There's still a good phishing potential in Safari and IE, as I see in @EgiX's examples. Let's consider that the attacker is capable of injecting HTTP authentication into bugcrowd.com. Assuming that the attacker controls buqcrowd.com (q instead of g, or something similar) and the victim is using Safari or IE, the prompt will say something along these lines: "Login on buqcrowd.com:80 - Password will be sent in clear". That is still a valid issue. Also, let's not underestimate how users ignore dialog messages, which would be a good enough risk factor in Firefox.
I do feel that this is more a P5 than a P4, because it is often a feature to allow users to paste image tags. Since there's no trivial fix (correct me if I'm wrong here), this kind of issue would be seen as won't fix by the clients. The mitigation would be not so much disabling this type of feature but monitoring abuse.
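The mitigation mentioned in the comment above (keep the paste-an-image feature, but watch for abuse) is usually implemented as an image proxy: the application rewrites every user-supplied image URL so the viewer's browser fetches it from the application's own origin, the proxy fetches the remote image server-side, and anything that is not a plain image is dropped and logged rather than relayed. The policy layer of such a proxy, as an added example that is not code from the VRT project or from any of the commenters: the function names, the sample responses, the 5 MB cap and the host checks are all assumptions of this example, and it goes slightly beyond the comment by also refusing URLs with embedded credentials or internal hosts and by checking the image bytes against the declared content type.

```python
# Added example, not from the VRT issue thread: the policy layer of an image
# proxy that sits between user-supplied <img src> URLs and the viewer's browser.
# Assumed architecture: the application rewrites every user-supplied image URL
# so the browser fetches it from the proxy's own origin, and the proxy fetches
# the remote image server-side (the HTTP client itself is not shown here).
# Because the browser only ever talks to the proxy, a 401 + WWW-Authenticate
# from the remote host never reaches it, so no native login dialog can appear.
from dataclasses import dataclass
from typing import Dict, List, Tuple
from urllib.parse import urlparse
import ipaddress

IMAGE_TYPES = {"image/png", "image/jpeg", "image/gif", "image/webp"}
MAX_IMAGE_BYTES = 5 * 1024 * 1024  # proxy-side size cap (assumed value)
MAGIC = {  # file signatures used to confirm the declared Content-Type
    "image/png": (b"\x89PNG\r\n\x1a\n",),
    "image/jpeg": (b"\xff\xd8\xff",),
    "image/gif": (b"GIF87a", b"GIF89a"),
}


@dataclass
class UpstreamResponse:
    """Minimal view of what the proxy received from the remote image host."""
    status: int
    headers: Dict[str, str]
    body: bytes = b""

    def header(self, name: str) -> str:
        """Case-insensitive header lookup; empty string when absent."""
        return next((v for k, v in self.headers.items()
                     if k.lower() == name.lower()), "")


def url_problems(url: str) -> List[str]:
    """Checks run before fetching: scheme, embedded credentials, internal hosts."""
    problems: List[str] = []
    parsed = urlparse(url)
    if parsed.scheme not in ("http", "https"):
        problems.append(f"scheme not allowed: {parsed.scheme!r}")
    if parsed.username or parsed.password:
        problems.append("credentials embedded in URL")
    host = parsed.hostname or ""
    if not host:
        problems.append("missing host")
        return problems
    try:
        if not ipaddress.ip_address(host).is_global:
            problems.append("non-public IP literal")
    except ValueError:  # a hostname, not an IP literal
        if host == "localhost" or host.endswith(".local"):
            problems.append("internal hostname")
    return problems


def looks_like(ctype: str, body: bytes) -> bool:
    """True when the bytes carry the file signature of the declared image type."""
    if ctype == "image/webp":
        return body[:4] == b"RIFF" and body[8:12] == b"WEBP"
    return any(body.startswith(sig) for sig in MAGIC.get(ctype, ()))


def response_problems(resp: UpstreamResponse) -> List[str]:
    """Checks run on the upstream answer before anything is relayed to the browser."""
    problems: List[str] = []
    # The behaviour discussed in the thread: a 401/407 carrying a challenge
    # header would make the browser show a native login prompt. The proxy
    # refuses to relay it and records the reason instead.
    if resp.status in (401, 407):
        problems.append(f"authentication challenge (HTTP {resp.status})")
    elif resp.status != 200:
        problems.append(f"unexpected status {resp.status}")
    for name in ("WWW-Authenticate", "Proxy-Authenticate"):
        if resp.header(name):
            problems.append(f"{name} header present: {resp.header(name)!r}")
    ctype = resp.header("Content-Type").split(";")[0].strip().lower()
    if ctype not in IMAGE_TYPES:
        problems.append(f"content type not an image: {ctype!r}")
    elif not looks_like(ctype, resp.body):
        problems.append(f"body does not match declared type {ctype!r}")
    if len(resp.body) > MAX_IMAGE_BYTES:
        problems.append(f"body exceeds {MAX_IMAGE_BYTES} bytes")
    return problems


def proxy_decision(url: str, resp: UpstreamResponse) -> Tuple[bool, List[str]]:
    """(serve_it, reasons): serve only when no check failed; reasons feed abuse monitoring."""
    problems = url_problems(url) + response_problems(resp)
    return (not problems, problems)


# Constructed sample responses (not captured traffic).
BENIGN = UpstreamResponse(200, {"Content-Type": "image/png"},
                          b"\x89PNG\r\n\x1a\n" + bytes(32))
CHALLENGE = UpstreamResponse(
    401,
    {"WWW-Authenticate": 'Basic realm="Login on buqcrowd.com"',
     "Content-Type": "text/html"},
    b"<html>unauthorized</html>")

if __name__ == "__main__":
    for url, resp in [("https://img.example/cat.png", BENIGN),
                      ("http://buqcrowd.com/logo.png", CHALLENGE)]:
        serve, why = proxy_decision(url, resp)
        print(url, "-> serve" if serve else "-> block", why)
```

The reasons list is what the "monitoring abuse" half of the mitigation consumes: every blocked fetch can be logged with the submitting user and the offending URL, and repeated authentication challenges from the same host or the same author are a clear abuse signal even though no viewer ever saw a prompt.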
My vote goes for P5. Yes, you get prompted, but most users will click away, and the ones that don't will probably read instead of blindly typing their password anywhere.
This is what the victim will see in Safari (my actual screenshot) and IE (potentially) if the malicious server uses HTTPS (domain masked by me as it's not important):
It is not a matter of 'if', but rather how many user accounts will get compromised. Let's look back at the historical data for this type of issue and see if they present any value to the customers before we take any steps.
I agree that it needs to be downgraded to P5. It's also like Content Spoofing. Based on what @EdisK said, that it has been mitigated in Chrome, that's a good point too.
Closing this issue as agreed during today's vulnerability roundtable.