Commit 4b3c5c34 authored by Valerie Aurora

Add threat for access to assets by configuration error

parent c26e4a15
+30 −7
@@ -950,6 +950,36 @@ Mitigations for Impact:

* High to Low: NPII-\*

#### C.4.3.4 TH-CONF: Access to assets via configuration errors

Attacker may use configuration errors to get unauthorized access to the product assets.

| Risk factors                                      | Likelihood | Security profiles |
|---------------------------------------------------|------------|-------------------|
| CFG = 2 & max(ADM, COM) = 2 & max(DAT, FUN) = 2   | High       | SP-3, SP-4        |
| all others                                        | Medium     | SP-1, SP-2        |
| CFG = 0 or max(ADM, COM) = 0 or max(DAT, FUN) = 0 | Low        | none              |

| Risk factors      | Impact | Security profiles |
|-------------------|--------|-------------------|
| DAT = 2 & FUN = 2 | High   | SP-3              |
| all others        | Medium | SP-2, SP-4        |
| DAT = 0 & FUN = 0 | Low    | SP-1              |

Requirements that mitigate this threat: EISO, TRAF, IPv6, CDST, DMIN, LOGG

Mitigations for Likelihood:

* Medium to Low: EISO, (TRAF-1 or (TRAF-2 and TRAF-3 and TRAF-4)), IPv6-\*

* High to Low: EISO, TRAF-1, IPv6-\*

Mitigations for Impact:

* Medium to Low: NPII-1, AUTH-3, LOGG-1, CDST

* High to Low: NPII-\*, AUTH-3, AUTH-4, AUTH-5, LOGG-\*, CDST

### C.4.x TH-XXXX: _Short description_

_Complete sentence describing the threat._
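
Review bot: The summary line "Requirements that mitigate this threat: EISO, TRAF, IPv6, CDST, DMIN, LOGG" in the new C.4.3.4 section does not match the mitigation lists under it. The Impact mitigations depend on NPII-1, NPII-*, AUTH-3, AUTH-4 and AUTH-5, none of which appear in the summary, while DMIN is in the summary but is used in no Likelihood or Impact mitigation. Suggest adding NPII and AUTH to the summary line and either referencing a DMIN requirement in one of the mitigation lists or dropping it. Separately, the new heading is "#### C.4.3.4" while the template that follows it is "### C.4.x", so the heading level and numbering are worth checking against the rest of the appendix.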
@@ -982,19 +1012,12 @@ Mitigations for Impact:

> TODO-HAS: Turn below threats into formal threats and mitigations

Threat: Reading of sensitive stored data

Threat: Deanonymization due to the use of unique egress identifiers (such as IPs)

Threat: Storing sensitive data in logs

Threat: Metadata and traffic‑analysis risks

Threat: config errors
  -TR: User interfaces, especially in regard to settings, shall be designed in a manner that prevents unintentional disabling of default security features.

Threat: Out-of-the-box configuration that necessarily requires modification to be secure

Threat: Misconfigured end-point exposing authentication information

Threat: Manufacturer infra compromise & isolation bugs in a multi-tenant SaaS system
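
Review bot: The TR text under "Threat: config errors" (settings UIs "shall be designed in a manner that prevents unintentional disabling of default security features") has no visible counterpart in the new TH-CONF section, whose mitigations list only requirement ids (EISO, TRAF, IPv6, NPII, AUTH, LOGG, CDST) without saying which of them covers the UI case. The hunk header drops seven lines from this TODO list and the rendered view carries no +/- markers, so please confirm which entries go. If "config errors", "Out-of-the-box configuration that necessarily requires modification to be secure" and "Misconfigured end-point exposing authentication information" are the ones removed, suggest either extending the one-sentence TH-CONF description to name insecure defaults and exposed authentication information explicitly, or keeping those entries under the TODO until each has a formal threat.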