Security Findings
Prioritized vulnerabilities discovered during penetration testing
1
Critical
1
High
1
Medium
1
Low
| Impact | Finding | Description | Proof | Actions |
|---|---|---|---|---|
| CRITICAL | Weak Active Directory Passwords | Multiple user accounts have weak passwords that can be cracked within minutes using common password lists. |  | |
| HIGH | Unpatched Apache Server (CVE-2021-41773) | Apache HTTP Server 2.4.49 is vulnerable to path traversal and remote code execution. |  | |
| MEDIUM | SQL Injection in Login Form | The login form is vulnerable to SQL injection attacks, allowing unauthorized database access. |  | |
| LOW | Missing Security Headers | Web application is missing critical security headers (CSP, X-Frame-Options, HSTS). |  |