Findings released by Machine without evidences
Incident Report for Fluid Attacks


At least two groups received vulnerability reports lacking associated evidence. The issue started on UTC-5 23-09-11 14:43 and was proactively discovered by one of our engagement managers, who reported it through our help desk [1]. He observed seven vulnerabilities across two groups with no corresponding evidence. The problem was resolved in 17 days (TTF).


After twenty-three days of observation, during which no further instances of vulnerabilities without evidence occurred, an exact cause was not identified. However, it is believed that connection errors during evidence loading may have been the cause, as no retry action was programmed to execute in case of failure.


To mitigate the issue in case of connection errors, a retry configuration was implemented [2], allowing up to three automatic attempts to upload evidence in case of failure. Additionally, loggers were added to enhance traceability in the event of any errors [3].


The lack of detailed loggers made it challenging to pinpoint a specific cause, prompting the addition of loggers as a preventive measure to provide support if similar incidents recur. LACK_OF_TRACEABILITY

Posted Sep 21, 2023 - 22:44 GMT-05:00

The problem was resolved and the evidence is being uploaded normally.
Posted Sep 21, 2023 - 10:03 GMT-05:00
Released findings have been found without associated evidence.
Posted Aug 25, 2023 - 14:42 GMT-05:00
This incident affected: Web.