Task #12566

Task #12556: Pentest - 2nd Assessment [2021]

Pentest_IBAM - No Client-Side Session Timeout [LOW]

Added by Nurul Athira Abdul Rahim almost 3 years ago. Updated about 2 years ago.

Status: Work Completed-End life cycle
Start date: November 08, 2021
Priority: Normal
Due date:
Assignee: Nurul Athira Abdul Rahim
% Done: 90%
Category: Penetration Test Issue
Spent time: -
Target version: -

Description

The application does not implement a client-side session timeout that redirects the browser to the login or logout page. Without one, sensitive user data may be exposed if a user intentionally or unintentionally leaves a logged-in session open in their browser.

Solution provided by LGMS:
Consider implementing a client-side session timeout that redirects the browser to the login page when the session expires or the user has been inactive for a specified amount of time. Alternatively, a dialog can be implemented to notify the user about the impending session expiration, letting the user choose to continue the session if required.

Affected URL:

https://10.10.55.34:9444/bsn-admin-uat/*

Action Plan:
Show a warning popup; if there is no action from the user within 30 seconds, the system will automatically redirect to the logout screen.
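The action plan above as an added client-side example; this is not the application's own code. The inactivity limit before the warning (10 minutes), the logout path, and the `session-warning` dialog and `session-continue` button ids are assumptions; the 30 s grace period is the one from the plan. Timers, dialog and navigation are injected so the state machine can be exercised outside a browser.

```javascript
// Idle-session timer: after a period with no user activity a warning dialog is
// shown; if the user does not explicitly continue within the grace period
// (30 s per the action plan) the browser is sent to the logout page.
// setTimeout/clearTimeout, the dialog callbacks and logout() are injectable.
function createIdleSessionTimer(opts) {
  const setT = opts.setTimeout || setTimeout;
  const clearT = opts.clearTimeout || clearTimeout;
  const hideWarning = opts.hideWarning || (() => {});
  let state = 'active';            // 'active' | 'warning' | 'loggedOut'
  let idleHandle = null, warnHandle = null;

  function clearTimers() {
    if (idleHandle !== null) { clearT(idleHandle); idleHandle = null; }
    if (warnHandle !== null) { clearT(warnHandle); warnHandle = null; }
  }
  function onExpired() {           // grace period elapsed with no response
    clearTimers(); state = 'loggedOut'; opts.logout();
  }
  function onIdle() {              // inactivity limit reached: warn the user
    state = 'warning'; opts.showWarning();
    warnHandle = setT(onExpired, opts.warningMs);
  }
  function armIdle() { clearTimers(); idleHandle = setT(onIdle, opts.idleMs); }

  return {
    start() { armIdle(); },
    // Wire to mousemove/keydown/click. Activity while the warning is shown
    // does not dismiss it; the user must explicitly continue the session.
    activity() { if (state === 'active') armIdle(); },
    continueSession() {
      if (state !== 'warning') return;
      hideWarning(); state = 'active'; armIdle();
    },
    state() { return state; },
    stop() { clearTimers(); },
  };
}

// Browser wiring (skipped outside a browser). Assumptions: a 10-minute idle
// limit, a <dialog id="session-warning"> with a #session-continue button,
// and a /bsn-admin-uat/logout endpoint.
if (typeof document !== 'undefined') {
  const dlg = document.getElementById('session-warning');
  const t = createIdleSessionTimer({ idleMs: 10 * 60 * 1000, warningMs: 30000,
    showWarning: () => dlg.showModal(), hideWarning: () => dlg.close(),
    logout: () => { window.location.href = '/bsn-admin-uat/logout'; } });
  ['mousemove', 'keydown', 'click'].forEach(e => document.addEventListener(e, () => t.activity()));
  document.getElementById('session-continue').addEventListener('click', () => t.continueSession());
  t.start();
}
```

The client-side redirect only protects an unattended screen; the server must still expire the session independently, since a browser-side timer can be bypassed.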

Admin L7 - session time out 1.jpg (524 KB) Nurul Athira Abdul Rahim, December 06, 2021 18:53

Admin L7 - session time out 2.jpg (283 KB) Nurul Athira Abdul Rahim, December 06, 2021 18:53

History

#1 Updated by Nurul Hasnieza Bt Mohd Zamri almost 3 years ago

  • Status changed from New - Begin Life Cycle to Finished Development
  • % Done changed from 0 to 80

#2 Updated by Nurul Hasnieza Bt Mohd Zamri almost 3 years ago

  • Status changed from Finished Development to Internal Testing
  • Assignee changed from Nurul Hasnieza Bt Mohd Zamri to Nurul Athira Abdul Rahim

SIT has been deployed. Kindly retest.

#3 Updated by Nurul Athira Abdul Rahim almost 3 years ago

Tested and passed in SIT

#4 Updated by Najmi Pasarudin over 2 years ago

  • Status changed from System Integration Test to Pending Prod Deployment
  • Assignee changed from Nurul Athira Abdul Rahim to Najmi Pasarudin

#5 Updated by Najmi Pasarudin over 2 years ago

  • Status changed from Pending Prod Deployment to Pending Review
  • Assignee changed from Najmi Pasarudin to Nurul Athira Abdul Rahim

Production deployed on 4/3/2022

#6 Updated by Nurul Athira Abdul Rahim about 2 years ago

  • Status changed from Pending Review to Work Completed-End life cycle
