Insufficient Patching

Overview

The issue with most organizations isn't Insufficient Patching but rather Weak/Breached Password. However, this doesn't mean that there aren't patching issues out there. They can range from out-of-date software to something more significant, like RCE on an application or system.

Check the versions of applications and software you come across in the engagement to make sure they're all up to date.
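One way to run that version check over banners already collected during the engagement is sketched below. This is an added example, not part of the original page: the hostnames, header values and baseline versions are constructed placeholders, and the function names are hypothetical.

```python
import re

# Constructed baseline: lowest version the assessor treats as current.
# Placeholder values; replace with the vendor's supported releases.
BASELINE = {"php": (8, 2, 0), "apache": (2, 4, 58), "nginx": (1, 24, 0)}

# Constructed sample: response headers recorded per host during the engagement.
SAMPLE_HEADERS = {
    "app01.example.test": {"Server": "Apache/2.4.29 (Ubuntu)",
                           "X-Powered-By": "PHP/5.6.40"},
    "app02.example.test": {"Server": "nginx/1.24.0"},
    "app03.example.test": {"Server": "nginx"},  # version suppressed
}

# Matches product/version tokens such as "PHP/5.6.40".
TOKEN = re.compile(r"([A-Za-z][\w\-]*)/(\d+(?:\.\d+)*)")


def parse_version(text):
    """Turn '2.4.29' into (2, 4, 29) so versions compare numerically."""
    return tuple(int(part) for part in text.split("."))


def pad(version, width=3):
    """Right-pad with zeros so (1, 24) compares like (1, 24, 0)."""
    return tuple(version) + (0,) * (width - len(version))


def audit(headers_by_host, baseline):
    """Return (host, product, version, status) for each banner seen."""
    findings = []
    for host, headers in sorted(headers_by_host.items()):
        for name in ("Server", "X-Powered-By"):
            value = headers.get(name, "")
            tokens = TOKEN.findall(value)
            if value and not tokens:
                # Banner present but no version: needs manual follow-up.
                findings.append((host, value.lower(), None, "unknown"))
            for product, version in tokens:
                key = product.lower()
                if key not in baseline:
                    continue
                old = pad(parse_version(version)) < pad(baseline[key])
                findings.append((host, key, version,
                                 "outdated" if old else "current"))
    return findings


if __name__ == "__main__":
    for row in audit(SAMPLE_HEADERS, BASELINE):
        print(row)
```

Distribution packages often backport security fixes without changing the upstream version string, so confirm an "outdated" result against the installed package version before writing it up as a finding.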

Example 1

Vulnerable server hosting Netscale
Scanner flagging as vulnerable
More evidence and Remediation

Example 2

Simple PHP server that is out of date. In the risk section, CYA language is used.
Evidence and Remediation
