Configuration Management
From Guidance Share
Contents |
[edit]
Description
Many applications support configuration management interfaces and functionality to all operators and administrators to change configuration parameters, update Web site content, and to perform routine maintenance
[edit]
Vulnerabilities
- Unauthorized Access to Administration Interfaces
- Unauthorized Access to Configuration Stores
- Retrieval of Plaintext Configuration Secrets
- Lack of Individual Accountability
- Over-privileged Application and Service Accounts
[edit]
Attacks
[edit]
Countermeasures
Countermeasures to prevent Configuration Management issues include: