
DS01: Weak credential storage - condition too broad

Open colesmj opened this issue 7 years ago • 1 comments

```python
"DS01": {
    "description": "Weak Credential Storage",
    "source": (Process, Element),
    "target": Datastore,
    "condition": "(target.storesPII is True or target.storesSensitiveData is True) and (target.isEncrypted is False or target.providesConfidentiality is False or target.providesIntegrity is False)",
},
```

Condition includes storesPII, which would not include credentials (at least not for the target or source); it also includes storesSensitiveData (same comment applies). A better test would be source.hasAccessControl or source.authenticatedWith - these conditions suggest the datastore holds credentials, and the target checks then make sense.

colesmj, Oct 21 '18 15:10
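The mismatch described in the issue above, as an added example that is not pytm code and not part of the original post: the quoted DS01 condition and one reading of the proposed source-based test are evaluated against three constructed source/datastore pairs. `Source`, `Store`, `matches`, `compare`, the `PROPOSED` string and the sample elements are assumptions made for illustration; only the attribute names and the `ORIGINAL` string come from the issue.

```python
from dataclasses import dataclass

# Condition string copied from the DS01 entry quoted in the issue.
ORIGINAL = ("(target.storesPII is True or target.storesSensitiveData is True) and "
            "(target.isEncrypted is False or target.providesConfidentiality is False "
            "or target.providesIntegrity is False)")
# Assumption: one reading of the proposal (source-side test, same target checks).
PROPOSED = ("(source.hasAccessControl is True or source.authenticatedWith is True) and "
            "(target.isEncrypted is False or target.providesConfidentiality is False "
            "or target.providesIntegrity is False)")

@dataclass
class Source:  # hypothetical stand-in for the rule's source element
    name: str
    hasAccessControl: bool = False
    authenticatedWith: bool = False

@dataclass
class Store:  # hypothetical stand-in for the rule's target datastore
    name: str
    storesPII: bool = False
    storesSensitiveData: bool = False
    isEncrypted: bool = False
    providesConfidentiality: bool = False
    providesIntegrity: bool = False

def matches(condition, source, target):
    # eval is applied only to the two constant strings above, with builtins removed.
    scope = {"source": source, "target": target}
    return bool(eval(condition, {"__builtins__": {}}, scope))

def compare(pairs):
    """Map 'source->target' to (original rule fires, proposed rule fires)."""
    return {f"{s.name}->{t.name}": (matches(ORIGINAL, s, t), matches(PROPOSED, s, t))
            for s, t in pairs}

# Constructed sample model.
CASES = [
    # Unencrypted PII store, nothing suggests it holds credentials.
    (Source("report_job"), Store("customer_db", storesPII=True)),
    # Authenticating process backed by an unprotected store not flagged PII/sensitive.
    (Source("login_service", hasAccessControl=True), Store("user_store")),
    # Authenticating process backed by a fully protected store.
    (Source("login_service", hasAccessControl=True),
     Store("vault", storesSensitiveData=True, isEncrypted=True,
           providesConfidentiality=True, providesIntegrity=True)),
]

if __name__ == "__main__":
    for flow, (orig, prop) in compare(CASES).items():
        print(f"{flow:28} original={orig!s:5} proposed={prop}")
```

The first pair is reported as weak credential storage by the original condition although only PII is involved, and the second pair is missed by it because neither `storesPII` nor `storesSensitiveData` is set.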

Looks like this issue is not valid anymore. DS01 probably has been repurposed into a different threat (we should not be doing this). Also #127 would solve this.

nineinchnick, Oct 04 '20 11:10