~/Cedric

The system allows information to be stored or modified without authentication of the authors Vulnerabilities

Possibility of eavesdropping on exchanges with authentication servers Vulnerabilities

The system allows asynchronous operation of certain parts or commands of the operating system (e.g. JavaScript components exploring the hard disc content) Vulnerabilities

The system allows relaying Vulnerabilities

The system can be used by all personnel Vulnerabilities

Possibility of introducing eavesdropping software on client terminals Vulnerabilities

Public access to the gateway Vulnerabilities

Use of a non-standard system Vulnerabilities

CNIL [fr] Recommendations

Liste des recommandations reprises du document "Analyse d'impact relative à la protection des données (AIPD) 3 : les bases de connaissances, édition février 2018" publié sur le site www.cnil.fr. Cette liste n'est pas validée par la CNIL.

Lack of a system hardening policy Vulnerabilities

Passwords? Default accounts? Default services? Is there a hardening procedure? Is it formal?