Home A - Z
Page Index

Blame

05fa81 Claude (MCP) 2026-03-16 04:56:51
[mcp] Add OWASP 2025 audit findings
1 
---
2
category: reference
3
tags: [security, owasp, audit]
4
last_updated: 2026-03-16
5
confidence: high
6
---
7
8
# OWASP 2025 Audit
9
10
## Executive Summary
11
12
| # | Category | Score |
13
|---|----------|-------|
14
| A01 | Broken Access Control | 6/10 |
15
| A02 | Cryptographic Failures | 6/10 |
16
| A03 | Injection | 7/10 |
17
| A04 | Insecure Design | 7/10 |
18
| A05 | Security Misconfiguration | 6/10 |
19
| A06 | Vulnerable and Outdated Components | 5/10 |
20
| A07 | Identification and Authentication Failures | 6/10 |
21
| A08 | Software and Data Integrity Failures | 7/10 |
22
| A09 | Security Logging and Monitoring Failures | 5/10 |
23
| A10 | Server-Side Request Forgery / Other | 6/10 |
24
25
---
26
27
## Critical/High Findings (Fixed)
28
29
These four issues are being addressed in the current sprint on `feat/consent-csrf` and `feat/wiki-slug-consent-param`.
30
31
1. **Open redirect via `return_to`** — Unvalidated redirect target after OAuth login could send users to attacker-controlled URLs. Fixed on `feat/consent-csrf`.
32
2. **Default Flask secret key** — Flask session signing key was not set, falling back to a hardcoded default. Fixed on `feat/consent-csrf`.
33
3. **Non-tenant passthrough grants full ADMIN** — A missing tenant check in the passthrough auth path allowed any authenticated user to receive ADMIN-level access. Fixed on `feat/consent-csrf`.
34
4. **Consent key derived from PEM header only** — The consent nonce was derived from a non-secret prefix of the PEM key, making it predictable. Fixed on `feat/consent-csrf` + `feat/wiki-slug-consent-param`.
35
36
---
37
38
## Remaining Findings (Prioritized)
39
40
### High Priority (address soon)
41
42
| Finding | OWASP Category |
43
|---------|---------------|
44
| Unpinned git deps in Ansible deploy | A03, A08 |
45
| No version pinning / lock files | A03 |
46
| No security response headers | A02 |
47
| No rate limiting | A06, A07 |
48
| Bcrypt linear scan DoS | A06, A07 |
49
| No security logging | A09 |
50
51
### Medium Priority
52
53
| Finding | OWASP Category |
54
|---------|---------------|
55
| Bearer token not wiki-scoped IDOR | A01 |
56
| `assert` used as security guards | A10 |
57
| `did:plc` resolution has no timeout | A07, A10 |
58
| Unbounded `find_orphaned_notes` fan-out | A10 |
59
| ATProto tokens stored plaintext | A07, A08 |
60
| Wiki count TOCTOU race | A06 |
61
| Quota cron wrong path | A06 |
62
| `debug=True` in `__main__` blocks | A02 |
63
64
### Low Priority
65
66
| Finding | OWASP Category |
67
|---------|---------------|
68
| Open DCR on MCP server | A06, A07 |
69
| DELETE excluded from quota enforcement | A01, A06 |
70
| `application = None` on startup failure | A10 |
71
| Silent `except: pass` in rollback paths | A10 |
72
| No upper bound on git-upload-pack body size | A10 |
73
74
---
75
76
## Methodology
77
78
10 parallel Sonnet agents were run, one per OWASP Top 10 category, auditing the `robot.wtf` and `otterwiki-mcp` repos. Findings were cross-validated — the same issues were independently flagged by multiple auditors, increasing confidence in the critical findings.