Findings released by Machine without evidence
Incident Report for Fluid Attacks
Postmortem

Impact

At least two groups received vulnerability reports lacking associated evidence. The issue started on UTC-5 23-09-11 14:43 and was proactively discovered by one of our engagement managers, who reported it through our help desk [1]. He observed seven vulnerabilities across two groups with no corresponding evidence. The problem was resolved in 17 days (TTF).

Cause

After twenty-three days of observation, during which no further instances of vulnerabilities without evidence occurred, an exact cause was not identified. However, it is believed that connection errors during evidence loading may have been the cause, as no retry action was programmed to execute in case of failure.

Solution

To mitigate the issue in case of connection errors, a retry configuration was implemented [2], allowing up to three automatic attempts to upload evidence in case of failure. Additionally, loggers were added to enhance traceability in the event of any errors [3].
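
The retry-and-log behaviour described above, as an added Python sketch (not Fluid Attacks' own code). It reads "up to three attempts" as three tries in total; the names `upload_with_retry` and `FlakyStore`, the backoff delays, and the choice to re-raise after the last failure are assumptions made for illustration.

```python
import logging
import time

logger = logging.getLogger("evidence_upload")  # hypothetical logger name
MAX_ATTEMPTS = 3  # the postmortem states up to three automatic attempts


def upload_with_retry(upload, finding_id, evidence, max_attempts=MAX_ATTEMPTS,
                      base_delay=0.5, sleep=time.sleep):
    """Call upload(finding_id, evidence), retrying on connection errors.

    Returns the attempt number that succeeded; re-raises the last
    ConnectionError once max_attempts is exhausted (assumed behaviour).
    """
    for attempt in range(1, max_attempts + 1):
        try:
            upload(finding_id, evidence)
            logger.info("evidence uploaded finding=%s attempt=%d",
                        finding_id, attempt)
            return attempt
        except ConnectionError as exc:
            # Log every failure with enough context to trace it later.
            logger.warning("evidence upload failed finding=%s attempt=%d/%d error=%r",
                           finding_id, attempt, max_attempts, exc)
            if attempt == max_attempts:
                logger.error("evidence upload gave up finding=%s", finding_id)
                raise
            sleep(base_delay * 2 ** (attempt - 1))  # exponential backoff


class FlakyStore:
    """Constructed stand-in for the evidence store: fails the first N calls."""

    def __init__(self, failures):
        self.failures = failures
        self.calls = 0
        self.stored = {}

    def upload(self, finding_id, evidence):
        self.calls += 1
        if self.calls <= self.failures:
            raise ConnectionError("connection reset (constructed)")
        self.stored[finding_id] = evidence


if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO)
    store = FlakyStore(failures=2)
    print(upload_with_retry(store.upload, "F-001", b"screenshot", sleep=lambda s: None))
```

Because the final failure is re-raised rather than swallowed, a caller can keep the finding unreleased until its evidence is stored, and the per-attempt log lines record which finding failed and why.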

Conclusion

The lack of detailed loggers made it challenging to pinpoint a specific cause, prompting the addition of loggers as a preventive measure to provide support if similar incidents recur. LACK_OF_TRACEABILITY

Posted Sep 21, 2023 - 22:44 GMT-05:00

Resolved
The problem was resolved and the evidence is being uploaded normally.
Posted Sep 21, 2023 - 10:03 GMT-05:00
Identified
Released findings have been found without associated evidence.
Posted Aug 25, 2023 - 14:42 GMT-05:00
This incident affected: Web.