Adding Network Security Misconfiguration

submissions/description/network_security_misconfiguration/guidance.md

@@ -0,0 +1,3 @@
+# Guidance
+
+Provide a step-by-step walkthrough with a screenshot on how you exploited the vulnerability. Your submission must include evidence of the vulnerability and not be theoretical in nature.

submissions/description/network_security_misconfiguration/recommendations.md

@@ -0,0 +1,6 @@
+# Recommendation(s)
+
+Disable the user of telnet for the application’s connection to the server. Instead, SSH can be used.
+
+For more information, please see the Open Web Application Security Project (OWASP) guide located at:
+<https://owasp.org/www-community/vulnerabilities/Insecure_Transport>

submissions/description/network_security_misconfiguration/template.md

@@ -0,0 +1,20 @@
+# Network Security Misconfiguration
+
+## Overview of the Vulnerability
+
+Network security misconfigurations can occur in network devices, services, or infrastructure and expose the organization to security risks. This vulnerability was identified due to default settings, inadequate access controls, or improper firewall rules. Due to this, an attacker can perform further attacks on the application, the business, or its users.
+
+## Business Impact
+
+This vulnerability can lead to reputational damage and indirect financial loss to the company through the impact to customers’ trust.
+
+## Steps to Reproduce
+
+1. Issue the following command line in the terminal window: {{command}}
+1. Observe that the network security is bypassed and a connection is successfully established between the client computer and the application
+
+## Proof of Concept (PoC)
+
+The screenshot(s) below demonstrate(s) the vulnerability:
+
+{{screenshot}}