Support #12165
[SCP ID :##5945##] : RPP BO Portal Web Application Security Assessment
| Status: | Closed - End of life cycle | Start date: | August 05, 2021 |
|---|---|---|---|
| Priority: | Normal | Due date: | |
| Assignee: | Zahir Abd Latif | % Done: | 100% |
| Category: | - | Spent time: | - |
| Target version: | - | | |
Description
Hi,
Kindly attend to the request below:
The security assessment on the RPP BO Portal was completed with 1 Medium and 2 Low severity findings discovered. The majority of the findings discovered were related to Insecure Direct Object Reference (IDOR) vulnerabilities.
Please see the attached pentest result for your action.
History
#1 Updated by Ngoh Chee Onn about 3 years ago
- Status changed from New - Begin Life Cycle to Pending Customer Feedback
- Assignee changed from Ngoh Chee Onn to Zahir Abd Latif
- % Done changed from 0 to 90
Hi Zahir,
The fixed war and source files have been uploaded to the Penril Customer Support Portal for the customer to download. Fix details are as below:
3.1.1 Authenticated IDOR: Merchant User Maintenance
Fix: merchantUserId is now shown as an encrypted parameter, so the hacker is not able to insert other values to view other merchant users' information.
3.1.2 Authenticated IDOR: Merchant Audit Trail
Fix: viewActivityID is now shown as an encrypted parameter, so the hacker is not able to insert other values to view other merchants' activities.
3.1.3 Usage of Vulnerable Components
Fix: Upgraded the Bootstrap library to 3.4.1 and the jQuery library to 3.5.1.
Links and paths of the application can be seen in the app.config.js file
Fix: Upgraded app.config.js to a new version that does not expose the links and paths.
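Added example for the two IDOR fixes (3.1.1 merchantUserId and 3.1.2 viewActivityID); this is not code from the RPP BO Portal war or from the pentest report, and it is written in Python rather than the portal's Java so it can be run on its own. It shows the "before" handler that trusts the numeric ID from the request, the server-side ownership check that actually stops cross-merchant reads, and an HMAC-bound opaque reference standing in for the "encrypted parameter" described in the fix notes. The merchant IDs, user records, SERVER_KEY and all function names are constructed for the example; the same pattern applies unchanged to the audit-trail activity ID.

```python
import base64
import binascii
import hashlib
import hmac

# Constructed sample data, not from the assessment: merchant users keyed by the
# numeric merchantUserId the portal exposed, each owned by exactly one merchant.
MERCHANT_USERS = {
    101: {"merchant": "M-A", "name": "alice"},
    102: {"merchant": "M-A", "name": "bob"},
    201: {"merchant": "M-B", "name": "carol"},
}

# Hypothetical server-side key for the opaque reference; a real deployment keeps
# this in a secret store and rotates it, never in source.
SERVER_KEY = b"demo-only-server-secret"


class Forbidden(Exception):
    """Raised when the caller may not see the requested record."""


def get_merchant_user_vulnerable(session, merchant_user_id):
    """Before the fix: the handler trusts the merchantUserId from the request
    and returns whatever it points at. Any authenticated merchant user can walk
    the ID space and read other merchants' users."""
    return MERCHANT_USERS[merchant_user_id]


def get_merchant_user_fixed(session, merchant_user_id):
    """Ownership check: the record must belong to the caller's merchant. This
    is the control that stops IDOR regardless of how the parameter is encoded."""
    rec = MERCHANT_USERS.get(merchant_user_id)
    if rec is None or rec["merchant"] != session["merchant"]:
        raise Forbidden("merchant user not visible to this session")
    return rec


def make_ref(session, merchant_user_id):
    """Opaque reference (the 'encrypted parameter' of the fix notes): the plain
    ID bound to the issuing merchant under an HMAC, so editing either part
    invalidates the tag. Format: base64url(payload).base64url(tag)."""
    payload = f"{session['merchant']}:{merchant_user_id}".encode()
    tag = hmac.new(SERVER_KEY, payload, hashlib.sha256).digest()
    return (base64.urlsafe_b64encode(payload).decode() + "."
            + base64.urlsafe_b64encode(tag).decode())


def parse_ref(session, ref):
    """Verify the tag in constant time, then check the reference was minted
    for this session's merchant. Returns the numeric merchantUserId."""
    try:
        p_b64, t_b64 = ref.split(".")
        payload = base64.urlsafe_b64decode(p_b64)
        tag = base64.urlsafe_b64decode(t_b64)
    except (ValueError, binascii.Error):
        raise Forbidden("malformed reference")
    expected = hmac.new(SERVER_KEY, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise Forbidden("reference has been tampered with")
    merchant, _, uid = payload.decode().partition(":")
    if merchant != session["merchant"] or not uid.isdigit():
        raise Forbidden("reference was not issued to this merchant")
    return int(uid)


def get_merchant_user_by_ref(session, ref):
    """Handler after the fix: opaque parameter in, but the ownership check still
    runs on the decoded ID, so a reference obtained elsewhere is no bypass."""
    return get_merchant_user_fixed(session, parse_ref(session, ref))


def denied(fn, *args):
    """True if the call is refused; used to show each control in action."""
    try:
        fn(*args)
    except Forbidden:
        return True
    return False


if __name__ == "__main__":
    session_a, session_b = {"merchant": "M-A"}, {"merchant": "M-B"}
    print("before:", get_merchant_user_vulnerable(session_a, 201)["name"])  # leaks carol
    print("after :", denied(get_merchant_user_fixed, session_a, 201))       # True
    ref = make_ref(session_a, 101)
    print("ref   :", ref, "->", get_merchant_user_by_ref(session_a, ref)["name"])
    print("reuse by M-B denied:", denied(get_merchant_user_by_ref, session_b, ref))
```

The point worth keeping from this when reviewing the delivered war: encoding or encrypting merchantUserId makes the value hard to guess, but on its own it does not decide who may read the record. The check in get_merchant_user_fixed is what should be exercised in the retest, by replaying a reference captured from one merchant's session in another merchant's session.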
#2 Updated by Zahir Abd Latif about 3 years ago
- Status changed from Pending Customer Feedback to Closed - End of life cycle
- % Done changed from 90 to 100
Issue closed in SCP.