
The 5 vulnerabilities this security firm encountered the most during pentesting in 2022

Brute force attacks were among the most common vulnerabilities security firm Lares encountered while conducting penetration tests in 2022. (Photo by Leon Neal/Getty Images)

A global security assessment, testing and coaching firm released the five most common penetration test findings it encountered during hundreds of engagements in 2022. 

In a Jan. 18 press release, the Lares research team emphasized that its findings were the most frequently encountered during client engagements — not the most severe threats.

"As we wrapped up 2022, our surprise gave way to expectation, and we found ourselves genuinely surprised if one, or all, of the top five issues were not found on any given engagement," said Andrew Hay, Lares chief operating officer, in a news release. "Every single vulnerability described in our latest research paper can be avoided or eliminated through better cybersecurity hygiene practices."

Here are the top five vulnerabilities Lares researchers encountered:

  1. Brute forcing accounts with weak and guessable passwords
  2. Kerberoasting
  3. Excessive file system permissions
  4. WannaCry/EternalBlue
  5. WMI (Windows Management Instrumentation) lateral movement

Stephen Weigand

Stephen Weigand is managing editor and production manager for SC Media. He has worked for news media in Washington, D.C., covering military and defense issues, as well as federal IT. He is based in the Seattle area.
