This page documents the categorization of all Security Findings found on the scans run by Coalition Control.
| Category | Definition |
| Encryption | Services that may be accessible without an encryption layer. Example: an HTTP server that is accessible without SSL/TLS for secure communication. |
| Storage | Databases or storage systems that are publicly exposed and remotely accessible. Potential for data-exfiltration. |
| IOT | IOT devices that are publicly exposed and remotely accessible. These include, but are not limited to: Smart TVs, Cameras, Embedded Servers, Sensors. Potential for data-exfiltration. |
| Malware | Malicious programs that are publicly exposed and remotely accessible. These include, but are not limited to: Trojans, Backdoors, Worms. Potential for data-exfiltration, unrestrained remote access, etc. Indicates a potential infection. |
| SSL/TLS |
Issues with SSL/TLS certificates, which may be expired and/or invalid or matched with known malicious software. A hacker can take advantage of a website with an expired SSL certificate and create a fake website that is identical to it. An invalid certificate means that others cannot validate your identity. |
| Remote |
Remote access technologies that are publicly exposed and remotely accessible. These are usually technologies that grant full access to systems remotely. These include, but are not limited to: RDP, VNC, X11, Telnet, Powershell. |
| Web |
Web Server missing security configurations such as headers and/or exposing high access endpoints that should not be publicly exposed. |
| DNS |
DNS configurations or lack thereof that are considered unsafe. |
| Token |
Exposed configurations that can contain credentials and/or information pieces that should have been kept private. Credentials with a big scope of access may grant an attacker with the ability of controlling respective systems. |
| CVE |
Known vulnerabilities that were identified on software that is publicly exposed. Potential for remote access, data-exfiltration, etc. |
| EOL |
Outdated software that is no longer getting security updates. Upgrading to a newer version is advised. |
| Malicious List |
Asset found on public lists of bad assets. Causes of listing include, but are not limited to: spam, malware, phishing. |
| Virtualization |
Exposed virtualization software. |
| Exposed Critical Software |
Software that is publicly exposed and remotely accessible and grants access to critical resources or data. |