vulnerability is an existing flaw or a weakness in the security of the
system. It could be used to target or exploit the system which makes the
system insecure, this might comprise the system. In simple words it is
loophole that will allow an attacker to enter the system bypassing
various authentication. (CEH v9) Finding vulnerabilities is one of the
basic and very important step in the information gathering stage of the
attack because it helps in understanding the deficiency in the system
that needs immediate actions to avoid the attack from happening in the
are also not specific to any technology or device. To prevent any
vulnerability, it is important for the person to stay updated on the
addressing of the vulnerability and do the needful to update the system
with the latest security patch that is available for it. (Perrin 2009).
Some vulnerabilities can cause a complete system failure
Some of the common vulnerabilities that are found are:
Buffer Overflow – When data is stored in the buffer more than it can store causes it crash.
Injection Vulnerabilities – Manipulated data is passed to the system to acquire customized outputs.
User Access Management –
Mismanagement in providing the rights to access or write the files to
unprivileged users in the group or network.
Missing Data Encryption – Not having a encryption on data can make it easy for the attacker to intercept and read the data.
Social Engineering – Manipulating the victim to give up the credentials or privileged information regarding the system.
example: When an application connecting to a FTP server, Connects the
session in plaintext. When the server was configured to conduct SSL
sessions is a security vulnerability since the SSL Specification call
for encrypted session was constituted. (Microsoft) The fault in the
application is that it could not connect securely using the widely
accepted standards that are followed.