JavaScript : Undocumented feature: time bomb

Classification

OWASP ASVS

Malicious Code

CWE

CWE-506 CWE-511

Overview

The application uses a current time comparison. Authors of backdoors use this technique to activate malicious functionality at a given moment (timebomb).

When the time bomb is detonated, it may perform a denial of service such as crashing the system, deleting critical data, or degrading system response time.

References

CWE-511: Logic/Time Bomb
Date - developer.mozilla.org
CWE-506: Embedded Malicious Code

MEDIUM

JavaScript : Undocumented feature: time bomb

Classification

Overview

References

DerScanner Severity Score

Do you want to fix JavaScript : Undocumented feature: time bomb in your application?

See also

JavaScript : Null salt

JavaScript : Empty encryption key

JavaScript : Unsafe Azure access control