From 80058b1f60bdce9660d81c5e9fa77a88761c80af Mon Sep 17 00:00:00 2001
From: Ryan Rudder <96507400+RRudder@users.noreply.github.com>
Date: Tue, 12 Dec 2023 15:17:40 +1000
Subject: [PATCH 1/3] Update to IV Reuse
Rewrote the overview to provide further clarity of the cryptographic weakness
---
.../initialization_vector_reuse/template.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/submissions/description/cryptographic_weakness/insufficient_entropy/initialization_vector_reuse/template.md b/submissions/description/cryptographic_weakness/insufficient_entropy/initialization_vector_reuse/template.md
index 443423bd..e5883b3f 100644
--- a/submissions/description/cryptographic_weakness/insufficient_entropy/initialization_vector_reuse/template.md
+++ b/submissions/description/cryptographic_weakness/insufficient_entropy/initialization_vector_reuse/template.md
@@ -2,7 +2,7 @@
## Overview of the Vulnerability
-Cryptographic algorithms use an initial block of data (called an initialization vector) alongside the plaintext data that is encrypted. When this IV is reused for multiple encryptions, an attacker can identify the IV from the original data within the encryption.
+Cryptographic algorithms use an initial block of data called an Initialization Vector (IV) alongside the plaintext data that is encrypted. When this IV is reused across multiple encryptions, the cryptographic algorithms are weakened as an attacker can differentiate the IV from the original encrypted data. This can lead to further targeted attacks.
## Business Impact
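Review bot: The added sentence says the attacker "can differentiate the IV from the original encrypted data", which does not describe the weakness, because an IV is normally sent in the clear next to the ciphertext. What reuse under the same key gives away depends on the mode: in CBC, messages with identical leading plaintext produce identical leading ciphertext blocks, and in CTR or GCM the keystream repeats, so the XOR of two ciphertexts equals the XOR of their plaintexts. Suggest stating that consequence in place of "This can lead to further targeted attacks", which names no impact.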
From a6c75c2fa1b428f7b3ccd30c96b61e610e371314 Mon Sep 17 00:00:00 2001
From: Ryan Rudder <96507400+RRudder@users.noreply.github.com>
Date: Thu, 14 Dec 2023 13:02:25 +1000
Subject: [PATCH 2/3] Quality updates to Cryptographic Weakness writeups
Clarified definitions and fixed some minor spelling and grammar errors
---
.../predictable_initialization_vector/template.md | 2 +-
.../insufficient_entropy/predictable_prng_seed/template.md | 2 +-
.../insufficient_entropy/prng_seed_reuse/template.md | 2 +-
.../insufficient_entropy/small_seed_space_in_prng/template.md | 2 +-
.../cryptographic_signature/template.md | 2 +-
.../identity_check_value/template.md | 2 +-
.../key_reuse/inter_environment/template.md | 2 +-
.../key_reuse/intra_environment/template.md | 2 +-
.../key_reuse/lack_of_perfect_forward_secrecy/template.md | 4 ++--
.../differential_fault_analysis/recommendations.md | 3 ++-
.../differential_fault_analysis/template.md | 4 ++--
.../side_channel_attack/emanations_attack/template.md | 2 +-
.../side_channel_attack/power_analysis_attack/template.md | 2 +-
.../use_of_expired_cryptographic_key_or_cert/template.md | 2 +-
.../cryptographic_weakness/weak_hash/lack_of_salt/template.md | 2 +-
15 files changed, 18 insertions(+), 17 deletions(-)
diff --git a/submissions/description/cryptographic_weakness/insufficient_entropy/predictable_initialization_vector/template.md b/submissions/description/cryptographic_weakness/insufficient_entropy/predictable_initialization_vector/template.md
index 5554ed73..28ef3c15 100644
--- a/submissions/description/cryptographic_weakness/insufficient_entropy/predictable_initialization_vector/template.md
+++ b/submissions/description/cryptographic_weakness/insufficient_entropy/predictable_initialization_vector/template.md
@@ -2,7 +2,7 @@
## Overview of the Vulnerability
-Cryptographic algorithms use an initial block of data (called an initialization vector) alongside the plaintext data that is encrypted. When this IV is predictable, an attacker can identify the IV from the original data within the encryption.
+Cryptographic algorithms use an initial block of data called an Initialization Vector (IV) alongside the plaintext data that is encrypted. A predictable IV weakens the cryptographic algorithms as an attacker can differentiate the IV from the original encrypted data. This can lead to further targeted attacks.
## Business Impact
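Review bot: The added line reuses the IV reuse wording ("differentiate the IV from the original encrypted data"), so this template never says what predictability breaks. An IV is not secret; in CBC the requirement is that it cannot be predicted before the plaintext is chosen, otherwise someone who can submit plaintexts for encryption can confirm guesses about previously encrypted blocks. Suggest describing that, so the predictable IV and IV reuse templates are distinguishable.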
diff --git a/submissions/description/cryptographic_weakness/insufficient_entropy/predictable_prng_seed/template.md b/submissions/description/cryptographic_weakness/insufficient_entropy/predictable_prng_seed/template.md
index e5a2d81e..1238b1fc 100644
--- a/submissions/description/cryptographic_weakness/insufficient_entropy/predictable_prng_seed/template.md
+++ b/submissions/description/cryptographic_weakness/insufficient_entropy/predictable_prng_seed/template.md
@@ -2,7 +2,7 @@
## Overview of the Vulnerability
-A Pseudo-Random Number Generator (PRNG) uses an initial seed value to generate random number through a complex algorithm. When this seed value is predictable in full or in part, it is possible to determine the random numbers produce by the PRNG. The PRNG seed value is predictable, allowing an attacker to guess the random numbers generated by the PRNG. This can lead to unauthorized access if that seed value is used for authorization and authentication.
+A Pseudo-Random Number Generator (PRNG) uses an initial seed value to generate random number through a complex algorithm. When this seed value is predictable in full or in part, it is possible to determine the random numbers produce by the PRNG. This allows an attacker to guess the random numbers generated by the PRNG and can lead to unauthorized access if that seed value is used for authorization or authentication.
## Business Impact
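Review bot: The first two sentences of the added line are carried over with their errors intact: "generate random number" and "produce by the PRNG" should read "generate random numbers" and "produced by the PRNG", which fits a commit described as a spelling and grammar pass. The closing clause "if that seed value is used for authorization or authentication" also points at the wrong object; it is the values the PRNG generates (tokens, session identifiers) that are used there, so consider "if the generated values are used for authorization or authentication".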
diff --git a/submissions/description/cryptographic_weakness/insufficient_entropy/prng_seed_reuse/template.md b/submissions/description/cryptographic_weakness/insufficient_entropy/prng_seed_reuse/template.md
index 22bed27a..349474f9 100644
--- a/submissions/description/cryptographic_weakness/insufficient_entropy/prng_seed_reuse/template.md
+++ b/submissions/description/cryptographic_weakness/insufficient_entropy/prng_seed_reuse/template.md
@@ -2,7 +2,7 @@
## Overview of the Vulnerability
-A Pseudo-Random Number Generator (PRNG) uses an initial seed value to generate random number through a complex algorithm. When this seed value is known, it is possible to determine the random numbers produce by the PRNG. An attacker with access to the seed value can predict or guess the random numbers which can lead to unauthorized access if that seed value is used for authorization and authentication.
+A Pseudo-Random Number Generator (PRNG) uses an initial seed value to generate random number through a complex algorithm. When this seed value is known, it is possible to determine the random numbers produce by the PRNG. An attacker with access to the seed value can predict or guess the random numbers which can lead to unauthorized access if that seed value is used for authorization or authentication.
## Business Impact
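Review bot: This is the prng_seed_reuse template, but the overview in both the removed and the added line only describes a seed that "is known" and never mentions reuse. Suggest saying that the same seed is used more than once, so the PRNG reproduces the same sequence each time, and that observing one sequence therefore reveals the others. The "random number" and "produce by the PRNG" errors are also still present in the added line.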
diff --git a/submissions/description/cryptographic_weakness/insufficient_entropy/small_seed_space_in_prng/template.md b/submissions/description/cryptographic_weakness/insufficient_entropy/small_seed_space_in_prng/template.md
index a574b83c..d574813d 100644
--- a/submissions/description/cryptographic_weakness/insufficient_entropy/small_seed_space_in_prng/template.md
+++ b/submissions/description/cryptographic_weakness/insufficient_entropy/small_seed_space_in_prng/template.md
@@ -2,7 +2,7 @@
## Overview of the Vulnerability
-A Pseudo-Random Number Generator (PRNG) uses an initial seed value to generate random number through a complex algorithm. When this seed value is small in size, it is possible to bruteforce all possible seeed values. An attacker who can guess the seed value can predict or guess the random numbers generated by the PRNG. This can lead to unauthorized access if that seed value is used for authorization and authentication.
+A Pseudo-Random Number Generator (PRNG) uses an initial seed value to generate random number through a complex algorithm. When this seed value is small in size, it is possible to bruteforce all possible seed values. An attacker who can guess the seed value can predict or guess the random numbers generated by the PRNG. This can lead to unauthorized access if that seed value is used for authorization or authentication.
## Business Impact
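Review bot: "bruteforce" in the added line is written as one word, while the lack_of_salt hunk in this same patch writes "brute force attacks"; pick one form across the templates. The opening sentence also still reads "generate random number" and should be plural.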
diff --git a/submissions/description/cryptographic_weakness/insufficient_verification_of_data_authenticity/cryptographic_signature/template.md b/submissions/description/cryptographic_weakness/insufficient_verification_of_data_authenticity/cryptographic_signature/template.md
index b61636a6..af0d8cf7 100644
--- a/submissions/description/cryptographic_weakness/insufficient_verification_of_data_authenticity/cryptographic_signature/template.md
+++ b/submissions/description/cryptographic_weakness/insufficient_verification_of_data_authenticity/cryptographic_signature/template.md
@@ -2,7 +2,7 @@
## Overview of the Vulnerability
-Cryptography is used to ensure secure storage and transmission of data. However, there are a number of best practices that must be followed to ensure the cryptography in use remains secure and does not result in the exposure of sensitive data. It was identified that the application fails to verify the cryptographic signature. Ths can allow an attacker to break the confidentiality and integrity of requests sent to and from the endpoint.
+Cryptography is used to ensure secure storage and transmission of data. However, there are a number of best practices that must be followed to ensure the cryptography in use remains secure and does not result in the exposure of sensitive data. The application fails to verify the cryptographic signature which can allow an attacker to break the confidentiality and integrity of requests sent to and from the endpoint.
## Business Impact
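Review bot: The added sentence claims that a missing signature check lets an attacker "break the confidentiality and integrity of requests", but a signature provides integrity and authenticity, not confidentiality. Suggest "integrity and authenticity" here, and a comma before "which can allow". It would also help to say what is signed (request, token, update package) so the report is specific to the finding.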
diff --git a/submissions/description/cryptographic_weakness/insufficient_verification_of_data_authenticity/identity_check_value/template.md b/submissions/description/cryptographic_weakness/insufficient_verification_of_data_authenticity/identity_check_value/template.md
index 4b823ad5..dc71391e 100644
--- a/submissions/description/cryptographic_weakness/insufficient_verification_of_data_authenticity/identity_check_value/template.md
+++ b/submissions/description/cryptographic_weakness/insufficient_verification_of_data_authenticity/identity_check_value/template.md
@@ -2,7 +2,7 @@
## Overview of the Vulnerability
-Cryptography is used to ensure secure storage and transmission of data. However, there are a number of best practices that must be followed to ensure the cryptography in use remains secure and does not result in the exposure of sensitive data. It was identified that the authenticity of the Integrity Check Value (ICV) is not verified which can lead to data corruption. Ths can allow an attacker to break the confidentiality and integrity of requests sent to and from the endpoint.
+Cryptography is used to ensure secure storage and transmission of data. However, there are a number of best practices that must be followed to ensure the cryptography in use remains secure and does not result in the exposure of sensitive data. Within the application, the authenticity of the Integrity Check Value (ICV) is not verified which can lead to data corruption. This can allow an attacker to break the confidentiality and integrity of requests sent to and from the endpoint.
## Business Impact
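Review bot: The added line expands ICV as "Integrity Check Value", while the file sits under identity_check_value/; one of the two names is wrong and the directory or the text should be corrected so they agree. As in the cryptographic_signature template, an unverified check value affects integrity rather than confidentiality, and "data corruption" would be clearer as "undetected modification of data".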
diff --git a/submissions/description/cryptographic_weakness/key_reuse/inter_environment/template.md b/submissions/description/cryptographic_weakness/key_reuse/inter_environment/template.md
index a314185f..3132e6bc 100644
--- a/submissions/description/cryptographic_weakness/key_reuse/inter_environment/template.md
+++ b/submissions/description/cryptographic_weakness/key_reuse/inter_environment/template.md
@@ -2,7 +2,7 @@
## Overview of the Vulnerability
-Cryptography is used to ensure secure storage and transmission of data. However, there are a number of best practices that must be followed to ensure the cryptography in use remains secure and does not result in the exposure of sensitive data. It was identified that the application's cryptographic mechanism reuses keys across different environment (inter-environment). This can allow an attacker to leverage the key to gain access to information or privileges within the application that are protected by the same key.
+Cryptography is used to ensure secure storage and transmission of data. However, there are a number of best practices that must be followed to ensure the cryptography in use remains secure and does not result in the exposure of sensitive data. The application's cryptographic mechanism reuses keys across different environments (inter-environment). This can allow an attacker to leverage the key to gain access to information or privileges within the application that are protected by the same key.
## Business Impact
diff --git a/submissions/description/cryptographic_weakness/key_reuse/intra_environment/template.md b/submissions/description/cryptographic_weakness/key_reuse/intra_environment/template.md
index f316ec50..d7ffb37f 100644
--- a/submissions/description/cryptographic_weakness/key_reuse/intra_environment/template.md
+++ b/submissions/description/cryptographic_weakness/key_reuse/intra_environment/template.md
@@ -2,7 +2,7 @@
## Overview of the Vulnerability
-Cryptography is used to ensure secure storage and transmission of data. However, there are a number of best practices that must be followed to ensure the cryptography in use remains secure and does not result in the exposure of sensitive data. It was identified that the application's cryptographic mechanism reuses keys within the same environment (intra-environment). This can allow an attacker to leverage the key to gain access to information or privileges within the application that are protected by the same key.
+Cryptography is used to ensure secure storage and transmission of data. However, there are a number of best practices that must be followed to ensure the cryptography in use remains secure and does not result in the exposure of sensitive data. The application's cryptographic mechanism reuses keys within the same environment (intra-environment). This can allow an attacker to leverage the key to gain access to information or privileges within the application that are protected by the same key.
## Business Impact
diff --git a/submissions/description/cryptographic_weakness/key_reuse/lack_of_perfect_forward_secrecy/template.md b/submissions/description/cryptographic_weakness/key_reuse/lack_of_perfect_forward_secrecy/template.md
index 29a3aac8..59f79929 100644
--- a/submissions/description/cryptographic_weakness/key_reuse/lack_of_perfect_forward_secrecy/template.md
+++ b/submissions/description/cryptographic_weakness/key_reuse/lack_of_perfect_forward_secrecy/template.md
@@ -1,8 +1,8 @@
-# Lack of Perfect Forward Secrecy
+# Lack of Perfect Forward Secrecy (PFS)
## Overview of the Vulnerability
-It was identified that the application's cryptographic mechanism lacks the use of Perfect Forward Secrecy (PFS). PFS involves the negotiation of an ephemeral key pair for each newly create session between two parties. Without PFS, an attacker would be able to compromise all past and future sessions based on a set of keys that they can decrypt. They can then leverage the keys to gain access to information or privileges within the application that are protected by the same key.
+Perfect Forward Secrecy (PFS) is used to generate unique session keys for each communication session which reduces the likelihood of past sessions being decrypted, even if the long-term keys are compromised. Without PFS, an attacker who can identify encryption keys is able to decrypt all past and future sessions that are based on those encryption keys. This application's cryptographic mechanism lacks the use of PFS which can result in an attacker gaining access to information or privileges within the application that are protected by the same encryption keys.
## Business Impact
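Review bot: The rewritten overview drops the removed line's mention of negotiating "an ephemeral key pair for each newly create session", and that is the part that defines PFS. Unique session keys alone do not give forward secrecy if they are derived from or transported under the long-term key; the property comes from an ephemeral key exchange whose secrets are discarded after the session. Suggest keeping that sentence (with "created" fixed) and describing PFS as a property of the key exchange rather than something "used to generate" keys. "Past and future sessions" is also worth tightening, since PFS is specifically about protecting past sessions.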
diff --git a/submissions/description/cryptographic_weakness/side_channel_attack/differential_fault_analysis/recommendations.md b/submissions/description/cryptographic_weakness/side_channel_attack/differential_fault_analysis/recommendations.md
index 772dc092..34f50b4b 100644
--- a/submissions/description/cryptographic_weakness/side_channel_attack/differential_fault_analysis/recommendations.md
+++ b/submissions/description/cryptographic_weakness/side_channel_attack/differential_fault_analysis/recommendations.md
@@ -1,7 +1,8 @@
# Recommendation(s)
-Implement robust entropy for the cryptographic algorithms and ensure that the algorithms, protocols, and keys in place are kept up to date. Best practices includes uniform exception handling and ensuring that the system reverts to a known uniform state when faults occur.
+Implement robust entropy for the cryptographic algorithms and ensure that the algorithms, protocols, and keys in place are kept up to date. The application and its systems should always revert to a known and uniform state when faults and errors occur. This can be achieved through uniform exception handling, restoring saved states, or system reset. The exact method will be contextual to the application.
For more information, refer to the following resource:
-
+-
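Review bot: The added recommendation still opens with "Implement robust entropy for the cryptographic algorithms", which does not address fault analysis; entropy is not what an induced fault exploits. Suggest leading with the fault-handling guidance that follows it and adding that results of cryptographic operations should be checked (for example by verifying or recomputing them) before they are released. The last added line is a bare list marker with no resource after it as shown here; confirm the link is present in the file.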
diff --git a/submissions/description/cryptographic_weakness/side_channel_attack/differential_fault_analysis/template.md b/submissions/description/cryptographic_weakness/side_channel_attack/differential_fault_analysis/template.md
index 925eeeca..e82b0450 100644
--- a/submissions/description/cryptographic_weakness/side_channel_attack/differential_fault_analysis/template.md
+++ b/submissions/description/cryptographic_weakness/side_channel_attack/differential_fault_analysis/template.md
@@ -1,8 +1,8 @@
-# Differential Fault Analysis
+# Differential Fault Analysis (DFA)
## Overview of the Vulnerability
-Cryptography is used to ensure secure storage and transmission of data. However, there are a number of best practices that must be followed to ensure the cryptography in use remains secure and does not result in the exposure of sensitive data. The application is vulnerable to a differential fault analysis attack as there are changes to the system's response to specially crafted fault conditions during specific steps of cryptographic operations.
+Differential Fault Analysis (DFA) is an attack on that exploits differences in the application's behavior in response to specially-crafted faults or errors. The application is vulnerable to DFA as it is possible to observe different behavior in the application's cryptographic system when faults are induced. This can allow an attacker to compromise the security of cryptographic keys.
## Business Impact
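Review bot: The first added sentence reads "is an attack on that exploits differences", which has a stray "on" or a missing noun; either "is an attack that exploits" or "is an attack on cryptographic implementations that exploits" would fix it. The rewrite also removes the shared "Cryptography is used to ensure secure storage..." opener that the neighbouring side-channel templates keep, so check whether that inconsistency is intended.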
diff --git a/submissions/description/cryptographic_weakness/side_channel_attack/emanations_attack/template.md b/submissions/description/cryptographic_weakness/side_channel_attack/emanations_attack/template.md
index 1ce90a0c..95ef17a8 100644
--- a/submissions/description/cryptographic_weakness/side_channel_attack/emanations_attack/template.md
+++ b/submissions/description/cryptographic_weakness/side_channel_attack/emanations_attack/template.md
@@ -2,7 +2,7 @@
## Overview of the Vulnerability
-Cryptography is used to ensure secure storage and transmission of data. However, there are a number of best practices that must be followed to ensure the cryptography in use remains secure and does not result in the exposure of sensitive data. The application is vulnerable to a emanations attack as there are changes to the electromagnetic emanations across the physical system when it is performing different steps of cryptographic operations.
+Cryptography is used to ensure secure storage and transmission of data. However, there are a number of best practices that must be followed to ensure the cryptography in use remains secure and does not result in the exposure of sensitive data. The application is vulnerable to a emanations attack as there are changes to the electromagnetic emanations across the physical system when it is performing different steps of cryptographic operations. This can allow an attacker to extract sensitive information such as cryptographic keys or other sensitive data processed by the application.
## Business Impact
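Review bot: The added line keeps "vulnerable to a emanations attack", which should be "an emanations attack". In the new closing sentence, "sensitive information such as cryptographic keys or other sensitive data" repeats itself; "extract cryptographic keys or other sensitive data processed by the application" says the same thing once.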
diff --git a/submissions/description/cryptographic_weakness/side_channel_attack/power_analysis_attack/template.md b/submissions/description/cryptographic_weakness/side_channel_attack/power_analysis_attack/template.md
index 9ef55158..615b041e 100644
--- a/submissions/description/cryptographic_weakness/side_channel_attack/power_analysis_attack/template.md
+++ b/submissions/description/cryptographic_weakness/side_channel_attack/power_analysis_attack/template.md
@@ -2,7 +2,7 @@
## Overview of the Vulnerability
-Cryptography is used to ensure secure storage and transmission of data. However, there are a number of best practices that must be followed to ensure the cryptography in use remains secure and does not result in the exposure of sensitive data. The application is vulnerable to a power analysis attack as there is uneven power consumption across the system when performing different steps of cryptographic operations.
+Cryptography is used to ensure secure storage and transmission of data. However, there are a number of best practices that must be followed to ensure the cryptography in use remains secure and does not result in the exposure of sensitive data. The application is vulnerable to a power analysis attack as there is uneven power consumption across the system when performing different steps of cryptographic operations. This can allow an attacker to break the confidentiality of requests sent to and from the endpoint.
## Business Impact
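Review bot: The new closing sentence states the impact as breaking "the confidentiality of requests sent to and from the endpoint", which reads as copied from the network-facing templates and does not match the emanations template in this same patch, where the impact is extraction of cryptographic keys. Power analysis targets the secret material used during the operation, so suggest aligning the wording with the emanations template.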
diff --git a/submissions/description/cryptographic_weakness/use_of_expired_cryptographic_key_or_cert/template.md b/submissions/description/cryptographic_weakness/use_of_expired_cryptographic_key_or_cert/template.md
index ebd18946..5143150f 100644
--- a/submissions/description/cryptographic_weakness/use_of_expired_cryptographic_key_or_cert/template.md
+++ b/submissions/description/cryptographic_weakness/use_of_expired_cryptographic_key_or_cert/template.md
@@ -1,4 +1,4 @@
-# Use of Expired Cryptographic Key (or Certificate)
+# Use of Expired Cryptographic Key or Certificate
## Overview of the Vulnerability
diff --git a/submissions/description/cryptographic_weakness/weak_hash/lack_of_salt/template.md b/submissions/description/cryptographic_weakness/weak_hash/lack_of_salt/template.md
index ec70bf99..77180d45 100644
--- a/submissions/description/cryptographic_weakness/weak_hash/lack_of_salt/template.md
+++ b/submissions/description/cryptographic_weakness/weak_hash/lack_of_salt/template.md
@@ -2,7 +2,7 @@
## Overview of the Vulnerability
-Cryptography is used to ensure secure storage and transmission of data. However, there are a number of best practices that must be followed to ensure the cryptography in use remains secure and does not result in the exposure of sensitive data. It was identified that the hash does not have a salt which can allow an attacker to use rainbow table attacks.
+Cryptography is used to ensure secure storage and transmission of data. However, there are a number of best practices that must be followed to ensure the cryptography in use remains secure and does not result in the exposure of sensitive data. A lack of salt in the application's cryptographic hash means that there is no unique randomness added to the hash. This significantly reduces the complexity of an attacker being able to guess the hash value, or perform rainbow table or brute force attacks.
## Business Impact
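Review bot: In the added text, "reduces the complexity of an attacker being able to guess the hash value" describes the wrong target; the hash is what the attacker already holds, and the goal is recovering the input that produced it. Suggest saying that without a per-value salt identical inputs produce identical hashes, so precomputed (rainbow) tables apply and one cracking effort covers every matching entry. Listing "brute force" next to rainbow tables is also misleading, since a salt does not slow brute force against a single hash.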
From 8596c0a19977c960ee7ca4eb443124204d1c3c42 Mon Sep 17 00:00:00 2001
From: Ryan Rudder <96507400+RRudder@users.noreply.github.com>
Date: Sun, 17 Mar 2024 15:27:59 +1000
Subject: [PATCH 3/3] Adding Data Not Encrypted at Rest
---
.../non_sensitive/template.md | 22 +++++++++++++++++++
.../sensitive/template.md | 22 +++++++++++++++++++
2 files changed, 44 insertions(+)
create mode 100644 submissions/description/insecure_os_firmware/data_not_encrypted_at_rest/non_sensitive/template.md
create mode 100644 submissions/description/insecure_os_firmware/data_not_encrypted_at_rest/sensitive/template.md
diff --git a/submissions/description/insecure_os_firmware/data_not_encrypted_at_rest/non_sensitive/template.md b/submissions/description/insecure_os_firmware/data_not_encrypted_at_rest/non_sensitive/template.md
new file mode 100644
index 00000000..a002a00f
--- /dev/null
+++ b/submissions/description/insecure_os_firmware/data_not_encrypted_at_rest/non_sensitive/template.md
@@ -0,0 +1,22 @@
+# Data Not Encrypted at Rest (Non-Sensitive)
+
+## Overview of the Vulnerability
+
+The device stores non-sensitive data that is not encrypted at rest. Despite the data not being directly exploitable, its accessibility due to lack of encryption allows attackers with physical access to the device to retrieve this information. This exposure could facilitate reverse engineering efforts or aid in future exploitation attempts, indirectly compromising the system's security.
+
+## Business Impact
+
+While the data in question is classified as non-sensitive, its exposure still poses security risks. Unauthorized access to this data can provide attackers with insights into the device's operations or architecture, potentially leading to vulnerabilities being uncovered. This situation can undermine the security posture of the device, leading to increased susceptibility to targeted attacks, erosion of customer confidence, and potential reputational damage.
+
+## Steps to Reproduce
+
+1. Gain physical access to the device and remove the cover as seen in the images below.
+1. Locate the hard drive on the device, and remove it.
+1. Using a external hard drive caddy, mount the device.
+1. Observe that it is possible to access the filesystem, demonstrating the lack of encryption at rest.
+
+## Proof of Concept (PoC)
+
+The following screenshot(s) demonstrate(s) this vulnerability:
+
+{{screenshot}}
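Review bot: In Steps to Reproduce, step 3 says "Using a external hard drive caddy, mount the device", which should be "an external" and should mount the drive, not the device, since the drive was removed in step 2. Step 1 refers to "the images below", but the only placeholder in the template is {{screenshot}} under Proof of Concept; either add an image placeholder to the step or point the step at the PoC section. The overview's "Despite the data not being directly exploitable" would also benefit from a placeholder for what data was found.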
diff --git a/submissions/description/insecure_os_firmware/data_not_encrypted_at_rest/sensitive/template.md b/submissions/description/insecure_os_firmware/data_not_encrypted_at_rest/sensitive/template.md
new file mode 100644
index 00000000..cf27c0e6
--- /dev/null
+++ b/submissions/description/insecure_os_firmware/data_not_encrypted_at_rest/sensitive/template.md
@@ -0,0 +1,22 @@
+# Data Not Encrypted at Rest (Sensitive)
+
+## Overview of the Vulnerability
+
+The device stores sensitive data that is not encrypted at rest, compromising the confidentiality and integrity of the data. This oversight allows an attacker with physical access to the device to easily access and potentially compromise the sensitive data contained within, exposing personal information, secrets, or credentials.
+
+## Business Impact
+
+The absence of encryption for sensitive data at rest on the device poses a significant risk to data confidentiality and integrity. This vulnerability can lead to data breaches, unauthorized access to sensitive information, and potential financial and reputational damages to the organization. It undermines the trust of customers and partners and may result in non-compliance with regulatory requirements related to data protection and privacy.
+
+## Steps to Reproduce
+
+1. Gain physical access to the device and remove the cover as seen in the images below.
+1. Locate the hard drive on the device, and remove it.
+1. Using a external hard drive caddy, mount the device.
+1. Observe that it is possible to access the filesystem, demonstrating the lack of encryption at rest.
+
+## Proof of Concept (PoC)
+
+The following screenshot(s) demonstrate(s) this vulnerability:
+
+{{screenshot}}
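Review bot: The Steps to Reproduce here are identical to the non-sensitive template and end at "Observe that it is possible to access the filesystem", so nothing in the report shows that sensitive data was actually present. Suggest a final step with placeholders for the path and type of sensitive data observed, which is what separates this variant from the non-sensitive one. The same "a external" and "mount the device" wording issues apply, and the overview's "confidentiality and integrity" overstates what encryption at rest provides, since on its own it protects confidentiality.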