Configuration Management

From Guidance Share

Jump to: navigation, search

Contents

Description

Many applications support configuration management interfaces and functionality to all operators and administrators to change configuration parameters, update Web site content, and to perform routine maintenance


Vulnerabilities

  • Unauthorized Access to Administration Interfaces
  • Unauthorized Access to Configuration Stores
  • Retrieval of Plaintext Configuration Secrets
  • Lack of Individual Accountability
  • Over-privileged Application and Service Accounts


Attacks

Countermeasures

Countermeasures to prevent Configuration Management issues include:

Personal tools