Looks like we are leaning towards Insecure Data Transport>Cleartext Transmission of Sensitive Data. Will implement by EOD if there are no further comments.
Adding Cleartext Transmission of Sensitive Data Classification
The VRT addresses distinct insecure token/credential transmission issues across multiple categories, but does not address various other types of sensitive data (to name a few: PCI information, PII, PHI, etc.) that might be transmitted using several insecure protocols.
Current entries:
Broken Authentication and Session Management>Weak Login Function>Over HTTP (P3)
Broken Authentication and Session Management>Weak Registration Implementation>Over HTTP (P4)
Sensitive Data Exposure>Token Leakage via Referer>Over HTTP (P4)
Sensitive Data Exposure>Weak Password Reset Implementation>Password Reset Token Sent Over HTTP (P4)
Sensitive Data Exposure>Mixed Content (HTTPS Sourcing HTTP) (P5)
Network Security Misconfiguration>Telnet Enabled>Credentials Required (P4)
Since the VRT does not address unencrypted transmission of various types of sensitive data, it calls for a new catch-all entry.
Initial priority proposal:
null: context based, depending on the type of data and transit configuration
Potential classifications:
1. Sensitive Data Exposure>Cleartext Transmission of Sensitive Data (null)
2. Insecure Data Transport>Cleartext Transmission of Sensitive Data (null)
All feedback is welcome
This question comes from the open-source project: bugcrowd/vulnerabilityratingtaxonomy
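As an added illustration of the condition the proposed entry describes (not code from the issue or from the bugcrowd project), the following Python detector flags sensitive data observed over the cleartext transports the thread names, plain HTTP and Telnet. The request records, the field names treated as credentials, and the input format are assumptions made for this example; a Luhn check filters random digit runs out of the card-number candidates so that a PCI finding is not raised on an order number.

```python
"""Added example: flag sensitive data (credentials, card numbers, e-mail PII)
carried over a cleartext transport. Input format and field names are assumed."""
import re
from dataclasses import dataclass

# Transports the thread treats as cleartext: plain HTTP and Telnet.
CLEARTEXT_SCHEMES = {"http", "telnet"}

# Parameter names assumed to carry credentials or session material.
CREDENTIAL_FIELDS = {"password", "passwd", "pwd", "token", "session", "reset_token"}

# 13-19 digits, optionally separated by spaces or dashes (PAN candidates).
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: doubles every second digit from the right."""
    total, parity = 0, len(digits) % 2
    for i, ch in enumerate(digits):
        d = int(ch)
        if i % 2 == parity:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


@dataclass
class Finding:
    scheme: str
    host: str
    kind: str    # "credential", "pan" (card number) or "email"
    detail: str  # field name, or last four digits for a PAN


def classify_request(scheme: str, host: str, fields: dict) -> list:
    """Return findings for one request; encrypted transports yield nothing."""
    if scheme.lower() not in CLEARTEXT_SCHEMES:
        return []
    findings = []
    for name, value in fields.items():
        if name.lower() in CREDENTIAL_FIELDS and value:
            findings.append(Finding(scheme, host, "credential", name))
        for m in CARD_RE.finditer(value):
            digits = re.sub(r"[ -]", "", m.group())
            if luhn_ok(digits):  # drop digit runs that are not valid PANs
                findings.append(Finding(scheme, host, "pan", digits[-4:]))
        if EMAIL_RE.search(value):
            findings.append(Finding(scheme, host, "email", name))
    return findings


# Constructed sample records (scheme, host, submitted fields); not real traffic.
SAMPLE_REQUESTS = [
    ("https", "shop.example", {"username": "alice", "password": "hunter2"}),
    ("http", "shop.example", {"username": "alice", "password": "hunter2"}),
    ("http", "pay.example", {"card": "4111 1111 1111 1111", "exp": "12/27"}),
    ("http", "blog.example", {"q": "order 123456789012345"}),  # fails Luhn
    ("telnet", "router.example", {"login": "admin", "password": "admin"}),
]


def scan(requests=SAMPLE_REQUESTS) -> list:
    """Run the classifier over a batch of request records."""
    out = []
    for scheme, host, fields in requests:
        out.extend(classify_request(scheme, host, fields))
    return out


if __name__ == "__main__":
    for f in scan():
        print(f"{f.scheme}://{f.host}: {f.kind} ({f.detail})")
```

Each finding carries only the data type and transport, which is what the thread argues should drive the priority (credentials, card data, or lower-risk PII, over HTTP or Telnet); the example deliberately records no more of the sensitive value than the last four digits of a card number.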
5 answers
Due to the need for an attacker to be in a privileged position, I think sensitive information being transferred over cleartext should be moved to a P4.
Agreed, the majority of sensitive information transmitted in clear text qualifies for P4/P5 based on the type of data, but there are some cases where we recommend a higher priority. We already classify cleartext transmission of credentials on login as P3 and in many cases recommend sensitive data like credit card information or critical application tokens higher than just low risk. The attacker has to be in a privileged position, which is certainly an obstacle in the case of a targeted attack, but we don't disregard the high impact of opportunistic attacks since those are the vast majority in the case of this type of data disclosure.
I think credentials over cleartext should be a P4 while critical data such as credit card data should be a P3. As it stands, Telnet in use is a P4 and credentials over HTTP is the same attack.
Sounds like good material for a new issue. I'll go ahead and PR this one.