|
WHID 2009-5: School data hacked, grades altered |
Insufficient Authentication |
Disinformation |
|
WHID 2009-38: Time's Poll For Most Influencial Hacked |
Cross Site Request Forgery (CSRF) Insufficient Anti Automation Insufficient Authentication |
Disinformation Link Spam |
|
WHID 2009-30: Sage SaaS Withdrawn Due to Security Flaws |
Insufficient Authentication Insufficient Authorization |
Monetary Loss |
|
WHID 2009-22: Federal Travel Booking Site Spreads Malware (Updated) |
Insufficient Authentication Misconfiguration |
Planting of Malware |
|
WHID 2009-2: Twitter accounts of the famous hacked (Updated) |
Brute Force Insufficient Authentication |
Defacement |
|
WHID 2009-17: Passwords are optional at SpeedDate |
Insufficient Authentication |
Leakage of Information |
|
WHID 2009-15: Kanye West has been Hacked |
Content Spoofing Insufficient Authentication |
Disinformation |
|
WHID 2008-47: The Federal Suppliers Guide validates login credential in JavaScript |
Insufficient Authentication |
Monetary Loss |
|
WHID 2008-13: Harvard site hacked and leaked on BitTorrent |
Insufficient Authentication |
Leakage of Information Downtime |
|
WHID 2007-60: The blog of a Cambridge University security team hacked |
Insufficient Authentication Known Vulnerability SQL Injection |
Downtime |
|
WHID 2007-44: Hacker Breaks Into eBay Server, Locks Users Out |
Insufficient Authentication |
Loss of Sales |
|
WHID 2007-35: Data lapse involved 51,000 at a hospital |
Insufficient Authentication |
Leakage of Information |
|
WHID 2007-28: US Embassy probes hacking of online visa appointment system |
Insufficient Authentication |
Disinformation |
|
WHID 2007-15: High School Hackers Cancel School With Fake Snow Day |
Insufficient Authentication |
Defacement |
|
WHID 2006-16: AstraTel customer call records leaked |
Insufficient Authentication |
|
|
WHID 2005-59: Vote Someone Else's Shares |
Insufficient Authentication Credential/Session Prediction |
Disclosure Only |
|
WHID 2005-5: Paris Hilton's T-Mobile online account hacked |
Insufficient Authentication Weak Password Recovery Validation OS Commanding |
|
|
WHID 2005-42: Default password in a common application used by schools |
Insufficient Authentication |
Disclosure Only |
|
WHID 2005-34: Man logs into dabs.com misc customer account |
Insufficient Authentication |
|
|
WHID 2005-33: Insufficient authorization on Verizon's MyAccount feature |
Credential/Session Prediction Insufficient Authentication |
Disclosure Only |
|
WHID 2005-3: Misconfiguration issues in paid wireless access and billing applications |
Insufficient Authentication Directory Indexing |
Leakage of Information |
|
WHID 2005-29: Security issues in interactive hotel TVs |
Credential/Session Prediction Insufficient Authentication |
Disclosure Only |
|
WHID 2005-12: Insufficient authentication on Arbela mutual insurance allowed access to private data |
Insufficient Authentication |
Disclosure Only |
|
WHID 2004-9: Billing and personal information leakage due to lack of authentication on a phone company web site |
Insufficient Authorization Insufficient Authentication |
Disclosure Only |
|
WHID 2004-18: Security flaw exposed in Cahoot bank accounts |
Predictable Resource Location Insufficient Authentication |
Disclosure Only |
