Common pentest findings include (ordered roughly from high to low severity):

- Insufficient authentication controls - MFA (multi-factor authentication) missing or bypassable; password spraying (one common password tried against many accounts) goes unblocked.
- Weak password policy - common and previously breached passwords are accepted; the password policy is published where attackers can read it and tailor their guesses to it.
- Insufficient patching - outdated software with multiple known vulnerabilities.
- Default credentials - vendor defaults left in place, such as cisco:cisco and admin:admin.
- Insufficient encryption - HTTP offered instead of HTTPS; web servers accepting weak or moderate-strength TLS cipher suites.
- Information disclosure - possible username enumeration; unnecessary detail in response headers (software names and versions); verbose error messages.
- Username enumeration - login prompts and the 'forgot password' feature respond differently for valid and invalid usernames.
- Default web pages - default landing pages left in place (information disclosure about the installed software).
- Open mail relays - mail servers misconfigured to relay messages for anyone.
- IKE aggressive mode - the VPN gateway reveals a hash of the pre-shared key, which can be captured and cracked offline; typically reported as low risk.
- Unexpected perimeter services - unusual services exposed externally, such as RDP and telnet.
- Insufficient traffic blocking - geo-blocking incorrectly or incompletely configured.
- Undetected malicious activity - ineffective SIEM strategy; both network and host-based monitoring are required.
- Historical account compromises - account information present in breached data sets.
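As an added example (not part of the original list), the following Python script shows the kind of detection logic the "insufficient authentication controls" and "undetected malicious activity" findings call for: it runs over constructed authentication log lines in an assumed, simplified format and separates a password spray (one source, many accounts, few attempts each) from a single-account brute force. The log format, field layout and thresholds are assumptions chosen for the example; a real SIEM feed will need its own parser and tuning.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not real data). Assumed line format:
#   "<ISO timestamp> <username> <source ip> <SUCCESS|FAIL>"
# 203.0.113.7  sprays one guess across many accounts and lands on 'frank'
# 198.51.100.9 hammers a single account (classic brute force)
# 192.0.2.5    is a legitimate user who mistyped once
SAMPLE_LOG = """\
2024-01-15T09:00:01 alice 203.0.113.7 FAIL
2024-01-15T09:00:04 bob 203.0.113.7 FAIL
2024-01-15T09:00:07 carol 203.0.113.7 FAIL
2024-01-15T09:00:10 dave 203.0.113.7 FAIL
2024-01-15T09:00:13 erin 203.0.113.7 FAIL
2024-01-15T09:00:16 frank 203.0.113.7 SUCCESS
2024-01-15T09:05:00 alice 198.51.100.9 FAIL
2024-01-15T09:05:01 alice 198.51.100.9 FAIL
2024-01-15T09:05:02 alice 198.51.100.9 FAIL
2024-01-15T09:05:03 alice 198.51.100.9 FAIL
2024-01-15T09:05:04 alice 198.51.100.9 FAIL
2024-01-15T09:05:05 alice 198.51.100.9 FAIL
2024-01-15T09:20:00 bob 192.0.2.5 FAIL
2024-01-15T09:20:30 bob 192.0.2.5 SUCCESS
"""


def parse_log(text):
    """Parse the assumed format into (timestamp, user, ip, success) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, ip, result = line.split()
        events.append((datetime.fromisoformat(ts), user, ip, result == "SUCCESS"))
    return events


def _by_ip(events):
    groups = defaultdict(list)
    for ev in events:
        groups[ev[2]].append(ev)
    return groups


def _windows(events, window):
    """Yield (start, events within [start, start + window]) using each event as a start."""
    events = sorted(events, key=lambda e: e[0])
    for i, ev in enumerate(events):
        start = ev[0]
        yield start, [e for e in events[i:] if e[0] - start <= window]


def detect_password_spray(events, window=timedelta(minutes=10), min_users=5):
    """Flag sources that fail against at least min_users distinct accounts inside one window.

    Returns {ip: {"start": iso timestamp, "users": [failed accounts], "hits": [accounts
    that later succeeded from the same source]}}. 'hits' is the part a pentest report
    cares about: a spray that actually landed.
    """
    findings = {}
    for ip, evs in _by_ip(events).items():
        for start, win in _windows(evs, window):
            fails = defaultdict(int)
            hits = set()
            for _, user, _, ok in win:
                if ok:
                    hits.add(user)
                else:
                    fails[user] += 1
            if len(fails) >= min_users:
                findings[ip] = {"start": start.isoformat(),
                                "users": sorted(fails), "hits": sorted(hits)}
                break
    return findings


def detect_brute_force(events, window=timedelta(minutes=10), min_failures=5):
    """Flag sources that fail min_failures or more times against one account inside a window.

    Returns {ip: {user: failure count}} for the first window that trips the threshold.
    """
    findings = {}
    for ip, evs in _by_ip(events).items():
        for _, win in _windows(evs, window):
            fails = defaultdict(int)
            for _, user, _, ok in win:
                if not ok:
                    fails[user] += 1
            hot = {u: n for u, n in fails.items() if n >= min_failures}
            if hot:
                findings[ip] = hot
                break
    return findings


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    print("password spray:", detect_password_spray(evs))
    print("brute force:   ", detect_brute_force(evs))
```

Two design points worth noting. Per-user lockout (the control a brute force trips) never fires during a spray because each account sees only one or two failures, which is why the spray rule counts distinct accounts per source rather than failures per account. Grouping by source IP also means a spray distributed across many addresses will slip past this rule; for that case the same counting has to be done globally per window, or keyed on another pivot such as user agent or originating ASN.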