Reliance on Security Through Obscurity

CVE-2020-10277

Medium

6.4/10

Summary

There is no mechanism in place to prevent a bad operator to boot from a live OS image, this can lead to extraction of sensible files (such as the shadow file) or privilege escalation by manually adding a new user with sudo privileges on the machine.

Attack Complexity: LOW
Attack Vector: PHYSICAL
Integrity Impact: LOW
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-656 - Reliance on Security Through Obscurity

The software uses a protection mechanism whose strength depends heavily on its obscurity, such that knowledge of its algorithms or key data is sufficient to defeat the mechanism.

References

Advisory Timeline

Published Jun 24, 2020

Reliance on Security Through Obscurity

CVE-2020-10277

Summary

CWE-656 - Reliance on Security Through Obscurity

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS