Weaknesses
NodeZero's identifies and surfaces many weaknesses that it finds during a pentest. These weaknesses
are identified by a Common Vulnerabilities and Exposures (CVE) identifier (e.g. CVE-2021-44228), or a Horizon3.ai weakness
identifier (e.g. H3-2022-0001).
This page provides a reference for Horizon3.ai Weaknesses identified by NodeZero. For information on CVEs identified by NodeZero, please reference the official CVE website maintained by MITRE.
| Weakness ID | Name |
|---|---|
| H3-2020-0002 | Anonymous Access to ZooKeeper API |
| H3-2020-0003 | Anonymous Access to Printer using PJL or PS |
| H3-2020-0004 | Zone Transfer Allowed to Any Server |
| H3-2020-0005 | Anonymous FTP Enabled |
| H3-2020-0007 | SMB Null Session Allowed |
| H3-2020-0008 | Guest Account Enabled |
| H3-2020-0009 | Weak NFS Export Permissions |
| H3-2020-0010 | NFS UID/GID Manipulation Possible |
| H3-2020-0016 | Insecure IPMI Implementation |
| H3-2020-0017 | IPMI Cipher Zero Vulnerability |
| H3-2020-0021 | Unauthenticated Access to the Jenkins Script Console |
| H3-2020-0022 | Insecure Java JMX Configuration |
| H3-2020-0023 | Apache Hadoop YARN ResourceManager Unauthenticated Command Execution |
| H3-2020-0030 | Android Debug Bridge (ADB) over TCP Enabled |
| H3-2021-0001 | Public Access to Amazon S3 Bucket |
| H3-2021-0002 | Subdomain Takeover |
| H3-2021-0003 | Unauthenticated Access to Sensitive Kubelet API Endpoints |
| H3-2021-0004 | Kubernetes Privileged Container Exposure |
| H3-2021-0005 | Unauthenticated Kubelet API Remote Code Execution Vulnerability |
| H3-2021-0006 | Unauthenticated Kubernetes API Server Access |
| H3-2021-0007 | Kubernetes Service Account Token Exposure |
| H3-2021-0008 | Unauthenticated Etcd Access |
| H3-2021-0009 | Unauthenticated Docker Registry API Access |
| H3-2021-0010 | Unauthenticated Docker Engine API Access |
| H3-2021-0011 | Kerberos Pre-Authentication Disabled |
| H3-2021-0012 | Weak or Default Credentials - FTP |
| H3-2021-0013 | Weak or Default Credentials - Telnet |
| H3-2021-0014 | Weak or Default Credentials - SSH |
| H3-2021-0015 | Weak or Default Credentials - SNMP |
| H3-2021-0016 | Weak or Default Credentials - Microsoft SQL Server |
| H3-2021-0017 | Weak or Default Credentials - MySQL |
| H3-2021-0018 | Weak or Default Credentials - Postgres |
| H3-2021-0019 | Weak or Default Credentials - Password Spray |
| H3-2021-0020 | Weak or Default Credentials - Cracked Credentials |
| H3-2021-0021 | Weak or Default Credentials - Web Applications |
| H3-2021-0024 | Dangling DNS Record |
| H3-2021-0029 | AWS Unrestricted Assume Role Access |
| H3-2021-0030 | SMB Signing Not Required |
| H3-2021-0031 | Public Access to Git Repository |
| H3-2021-0032 | Credential Reuse |
| H3-2021-0033 | mDNS Poisoning Possible |
| H3-2021-0034 | LLMNR Poisoning Possible |
| H3-2021-0035 | NBT-NS Poisoning Possible |
| H3-2021-0036 | Unauthenticated Access to Elasticsearch |
| H3-2021-0037 | Werkzeug Debug Console Enabled |
| H3-2021-0038 | Kerberoasting |
| H3-2021-0039 | Unrestricted Sudo Privileges |
| H3-2021-0040 | AWS Instance Metadata Service v1 Exposed |
| H3-2021-0041 | Apache Druid Server-Side Request Forgery Vulnerability |
| H3-2021-0042 | Credential Dumping - Security Account Manager (SAM) Database |
| H3-2021-0043 | Credential Dumping - Local Security Authority (LSA) Secrets |
| H3-2021-0044 | Credential Dumping - Local Security Authority Subsystem Service (LSASS) Memory |
| H3-2021-0045 | Credential Dumping - /etc/shadow File |
| H3-2021-0046 | Credential Dumping - Active Directory Services Database (NTDS) |
| H3-2021-0047 | JBoss Application Server HTTP Invoker Remote Code Execution Vulnerability |
| H3-2022-0001 | Web Application Cross Site Scripting Vulnerability |
| H3-2022-0002 | Azure Multi-Factor Authentication Disabled |
| H3-2022-0003 | Remote Desktop Protocol (RDP) Port Exposed to the Internet |
| H3-2022-0004 | Server Message Block (SMB) Port Exposed to the Internet |
| H3-2022-0005 | Secure Socket Shell (SSH) Port Exposed to the Internet |
| H3-2022-0006 | Database Port Exposed to the Internet |
| H3-2022-0007 | Telnet Port Exposed to the Internet |
| H3-2022-0008 | File Transfer Protocol (FTP) Port Exposed to the Internet |
| H3-2022-0009 | Simple Network Management Protocol (SNMP) Port Exposed to the Internet |
| H3-2022-0010 | Risky Port Exposed to the Internet |
| H3-2022-0012 | Unauthenticated Access to Jira Dashboards |
| H3-2022-0015 | Web Application Path Traversal Vulnerability |
| H3-2022-0016 | Active Directory Certificate Services Misconfiguration Privilege Escalation - Subject Alternative Name |
| H3-2022-0017 | Active Directory Certificate Services Misconfiguration Privilege Escalation - Any Purpose or No (aka SubCA) EKU Misconfiguration |
| H3-2022-0018 | Active Directory Certificate Services Misconfigured Enrollment Agent Template |
| H3-2022-0019 | Active Directory Certificate Services Misconfigured Template Requires Enrollment Agent Signature |
| H3-2022-0020 | Active Directory Certificate Services Misconfigured Template Access Controls |
| H3-2022-0021 | Active Directory Certificate Services Domain Escalation via Vulnerable PKI AD Object Access Controls |
| H3-2022-0022 | Active Directory Certificate Services - EDITF_ATTRIBUTESUBJECTALTNAME2 flag set |
| H3-2022-0023 | Active Directory Certificate Services: Vulnerable Certificate Authority Access Control |
| H3-2022-0024 | Active Directory Certificate Services Misconfiguration: NTLM Relay to AD CS HTTP Endpoint |
| H3-2022-0025 | Unauthenticated Access to Kibana |
| H3-2022-0026 | Unauthenticated Access to Kubeflow |
| H3-2022-0027 | Unauthenticated Access to Jupyter |
| H3-2022-0028 | Unauthenticated Access to Apache Solr |
| H3-2022-0029 | Unauthenticated Access to ThoughtWorks GoCD |
| H3-2022-0030 | Unauthenticated Access to Paessler PRTG Network Monitor |
| H3-2022-0031 | Unauthenticated Access to Mongo Express |
| H3-2022-0032 | Unauthenticated Access to Prometheus Alertmanager |
| H3-2022-0033 | Unauthenticated Access to Jenkins People Directory |
| H3-2022-0034 | Anonymous Access to Zoho ManageEngine ADManager Plus Employee Search |
| H3-2022-0035 | Unauthenticated Access to JavaMelody Monitoring Console |
| H3-2022-0036 | Guest Access to Zabbix Dashboards |
| H3-2022-0037 | Laravel Debug Mode Enabled |
| H3-2022-0038 | Ruby on Rails Debug Mode Enabled |
| H3-2022-0039 | Golang pprof Debugging Endpoint Enabled |
| H3-2022-0040 | Symfony Debug Mode Enabled |
| H3-2022-0041 | Symfony Profiler Enabled |
| H3-2022-0042 | Django Debug Mode Enabled |
| H3-2022-0043 | Backup File Exposure |
| H3-2022-0044 | Shell History File Exposure |
| H3-2022-0045 | PHPinfo Page Exposed |
| H3-2022-0046 | Rails Database Configuration File Exposure |
| H3-2022-0047 | Apache Tomcat Example Scripts Exposed |
| H3-2022-0048 | Apache Web Server Configuration File Exposure |
| H3-2022-0049 | IIS web.config File Exposure |
| H3-2022-0050 | PHP-FPM Configuration File Exposure |
| H3-2022-0051 | Symfony Configuration File Exposure |
| H3-2022-0052 | Ansible Configuration File Exposure |
| H3-2022-0054 | CGI Test Script Exposed |
| H3-2022-0055 | phpMyAdmin Setup Page Exposed |
| H3-2022-0056 | Anonymous Deployment Privileges in JFrog Artifactory |
| H3-2022-0057 | jQuery File Upload Widget Exposed |
| H3-2022-0058 | Jolokia Local File Inclusion Misconfiguration |
| H3-2022-0059 | Spring Boot Configuration Properties Actuator Exposed |
| H3-2022-0060 | Spring Boot Env Actuator Exposed |
| H3-2022-0061 | Apache Web Server htpasswd File Exposure |
| H3-2022-0062 | Microsoft FrontPage service.pwd File Exposure |
| H3-2022-0063 | Private Keys Exposed on Web Server |
| H3-2022-0064 | Rails Secret Token Exposure |
| H3-2022-0065 | Unauthenticated Access to Apache Airflow |
| H3-2022-0066 | Git Repo Exposed on a Web Server |
| H3-2022-0067 | Weak or Default Credentials - MongoDB |
| H3-2022-0068 | Airflow Configuration Exposure |
| H3-2022-0069 | Web Directory Listing |
| H3-2022-0070 | Anonymous MongoDB Access |
| H3-2022-0071 | Jenkins Self-Signup Enabled |
| H3-2022-0072 | Apache Airflow Debug Mode Enabled |
| H3-2022-0073 | Microsoft Windows Machine Account NTLM Coercion via Authenticated LSARPC Spoofing |
| H3-2022-0074 | AWS Assume Role Access |
| H3-2022-0075 | Public-Facing Application Exposed with HTTP Basic Authentication |
| H3-2022-0076 | Unauthenticated AWS Cognito Role Has Non-Standard Permissions |
| H3-2022-0078 | Unauthenticated Gitlab User Enumeration |
| H3-2022-0079 | Credential Dumping - AWS Instance Metadata Service v2 |
| H3-2022-0080 | WordPress Unauthenticated User Enumeration |
| H3-2022-0081 | Atlassian Jira Unauthenticated User Enumeration via the User Picker Browser |
| H3-2022-0082 | Exposed Kubernetes Version |
| H3-2022-0083 | Anonymous Access to the Kubernetes Dashboard |
| H3-2022-0084 | Credential Reuse - Windows Local Administrator Accounts |
| H3-2022-0085 | Credential Reuse - Shared Windows Local User and Domain User Accounts |
| H3-2022-0086 | Domain User with Local Administrator Privileges |
| H3-2022-0087 | Password Reuse |
| H3-2022-0088 | Public Access to Amazon EC2 AMI |
| H3-2022-0089 | Public Access to Amazon EBS Snapshot |
| H3-2022-0090 | Public Access to Amazon RDS Snapshot |
| H3-2022-0093 | Weak or Default Credentials - Cracked Credentials from Active Directory Services Database (NTDS) |
| H3-2022-0095 | Password Reuse Found in Active Directory Services Database (NTDS) |
| H3-2023-0002 | Flask Authentication Bypass Misconfiguration |
| H3-2023-0003 | Pre-Windows 2000 Computer Set |
| H3-2023-0008 | AWS Multi-Factor Authentication Disabled |
| H3-2023-0009 | Kerberos Unconstrained Delegation |
| H3-2023-0010 | Kerberos Constrained Delegation |
| H3-2023-0011 | Microsoft Windows Machine Account NTLM Coercion via EventLog Remoting Protocol Manipulation |
| H3-2023-0012 | Microsoft Windows Machine Account NTLM Coercion via Print Spooler Protocol Manipulation |
| H3-2023-0013 | Authenticated Microsoft Windows Machine Account NTLM Coercion via File Server Remote VSS Protocol Manipulation |
| H3-2023-0014 | Authenticated Microsoft Windows Machine Account NTLM Coercion via Distributed File System Namespace Management Protocol Manipulation |
| H3-2023-0015 | Authenticated Microsoft Windows Machine Account NTLM Coercion via EventLog Remoting Protocol Manipulation |
| H3-2023-0016 | Authenticated Microsoft Windows Machine Account NTLM Coercion via Print Spooler Protocol Manipulation |
| H3-2023-0017 | Microsoft Windows Machine Account NTLM Coercion via File Server Remote VSS Protocol Manipulation |
| H3-2023-0018 | Microsoft Windows Machine Account NTLM Coercion via Distributed File System Namespace Management Protocol Manipulation |
| H3-2023-0019 | Credential Dumping - Data Protection API (DPAPI) Secrets |
| H3-2023-0020 | PaperCut File Upload Remote Code Execution Vulnerability |
| H3-2023-0021 | Phished Credential |
| H3-2023-0022 | PaperCut Arbitrary File Read and Deletion Vulnerability |