Update remediation_advice.json

bugcrowd · Nov 10, 2023 · 7aa1bec · 7aa1bec
1 parent a7c9ac9
commit 7aa1bec
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/mappings/remediation_advice/remediation_advice.json b/mappings/remediation_advice/remediation_advice.json
@@ -1374,11 +1374,11 @@
             },
             {
               "id": "intra_environment",
-              "remediation_advice": "Cryptographic key reuse occurs when the same key is used for more than one purpose.  When the same key is used for multiple purposes within the context of a single environment (e.g. individual customer in a multi-tenant application) an attacker can leverage knowledge of the key to gain unauthorized access to other information or privileges protected by the same key.  Ensure all application components, such as information and authentication tokens, are appropriately grouped into separate trust zones and protected by separate cryptographic keys.",
+              "remediation_advice": "Cryptographic key reuse occurs when the same key is used for more than one purpose.  When the same key is used for multiple purposes within the context of a single environment (e.g. individual customer in a multi-tenant application) an attacker can leverage knowledge of the key to gain unauthorized access to other information or privileges protected by the same key.  Ensure all application components, such as information and authentication tokens, are appropriately grouped into separate trust zones and protected by separate cryptographic keys."
             },
             {
               "id": "inter_environment",
-              "remediation_advice": "Cryptographic key reuse occurs when the same key is used for more than one purpose.  When the same key is used between multiple application contexts, such as different customer environments in a multi-tenancy application, an attacker can gain unauthorized access to other users' information and may be able to impersonate other users to achieve privilege escalation.  Ensure the application uses unique cryptographic keys for each application context and do not reuse keys across trust zones.",
+              "remediation_advice": "Cryptographic key reuse occurs when the same key is used for more than one purpose.  When the same key is used between multiple application contexts, such as different customer environments in a multi-tenancy application, an attacker can gain unauthorized access to other users' information and may be able to impersonate other users to achieve privilege escalation.  Ensure the application uses unique cryptographic keys for each application context and do not reuse keys across trust zones."
             }
           ]
         },