Task #12583
Task #12556: Pentest - 2nd Assessment [2021]
Pentest_CDB - No Client-Side Session Timeout [LOW]
| Status: | Work Completed-End life cycle | Start date: | November 09, 2021 |
|---|---|---|---|
| Priority: | Normal | Due date: | |
| Assignee: | Nurul Athira Abdul Rahim | % Done: | 100% |
| Category: | Penetration Test Issue | Spent time: | - |
| Target version: | - | | |
Description
The application does not implement a client-side session timeout to redirect the browser to the login or logout page. The lack of a client-side session timeout may lead to sensitive user data being exposed if the user intentionally or unintentionally leaves the logged-in session open in their browser.
Solution provided by LGMS:
Consider implementing a client-side session timeout to redirect the browser to the login page when the session has expired or the user has been inactive for a specific amount of time. Alternatively, a dialog can be implemented to notify the user about session expiration, and the user can choose to continue the session if required.
Affected URL:
https://10.10.55.34:9444/bsn-cdb-uat/*
Action Plan:
Show a warning (popup); then, after seconds (30s), if there is no action from the user, the system will automatically redirect to the logout screen.
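A sketch of the flow in the action plan, added here as an example and not the application's own code: an idle timer opens the warning, and a 30 s countdown then redirects to logout unless the user explicitly continues. The function and option names, the 10-minute idle period, the `/logout` path and the choice to require an explicit "continue" while the popup is open are all assumptions.

```javascript
// Added illustration, not the application's code. All names and the idle
// period are assumptions; only the 30 s warning window comes from the ticket.
function createIdleTimeout({ idleMs, warnMs = 30000, onWarn, onLogout,
                             setTimer = setTimeout, clearTimer = clearTimeout }) {
  let idleTimer = null, warnTimer = null;
  let state = "active"; // "active" -> "warning" -> "loggedOut"
  function clearAll() {
    if (idleTimer !== null) clearTimer(idleTimer);
    if (warnTimer !== null) clearTimer(warnTimer);
    idleTimer = warnTimer = null;
  }
  function arm() {
    clearAll();
    state = "active";
    idleTimer = setTimer(() => {
      state = "warning";
      onWarn(warnMs); // show the popup with the time remaining
      warnTimer = setTimer(() => {
        state = "loggedOut";
        clearAll();
        onLogout(); // no response to the popup: end the session
      }, warnMs);
    }, idleMs);
  }

  return {
    start: arm,
    // Call on user input. Ignored while the popup is open, so a stray
    // mouse move cannot silently extend the session.
    activity() { if (state === "active") arm(); },
    // Call when the user explicitly chooses "continue" in the popup.
    continueSession() { if (state === "warning") arm(); },
    stop: clearAll,
    getState: () => state,
  };
}

// Browser wiring (skipped outside a browser).
if (typeof window !== "undefined" && typeof document !== "undefined") {
  const LOGOUT_URL = "/logout"; // placeholder; assumed to end the server session too
  const t = createIdleTimeout({
    idleMs: 10 * 60 * 1000, // assumed idle period; not stated in the ticket
    onWarn: () => { /* render the dialog; its button calls t.continueSession() */ },
    onLogout: () => window.location.assign(LOGOUT_URL),
  });
  ["mousemove", "keydown", "click", "scroll", "touchstart"].forEach((ev) => document.addEventListener(ev, t.activity, { passive: true }));
  t.start();
}
```

The timers are injectable so the state machine can be tested with a fake clock, without waiting for real timeouts.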
History
#1 Updated by Nurul Hasnieza Bt Mohd Zamri almost 3 years ago
- Status changed from New - Begin Life Cycle to Finished Development
- % Done changed from 0 to 80
#2 Updated by Nurul Hasnieza Bt Mohd Zamri almost 3 years ago
- Status changed from Finished Development to Internal Testing
- Assignee changed from Nurul Hasnieza Bt Mohd Zamri to Nurul Athira Abdul Rahim
SIT has been deployed. Kindly retest.
#3 Updated by Nurul Athira Abdul Rahim almost 3 years ago
- File Admin L7 - session time out 2.jpg added
- Status changed from Internal Testing to Development / Work In Progress
- Assignee changed from Nurul Athira Abdul Rahim to Nurul Hasnieza Bt Mohd Zamri
To standardize the end screen with IBAM
#4 Updated by Nurul Hasnieza Bt Mohd Zamri almost 3 years ago
- Status changed from Development / Work In Progress to Internal Testing
- Assignee changed from Nurul Hasnieza Bt Mohd Zamri to Nurul Athira Abdul Rahim
SIT deployed on 09/12/2021. Kindly retest.
#5 Updated by Nurul Athira Abdul Rahim almost 3 years ago
- Status changed from Internal Testing to System Integration Test
- % Done changed from 80 to 90
#6 Updated by Najmi Pasarudin over 2 years ago
- Status changed from System Integration Test to Pending Prod Deployment
- Assignee changed from Nurul Athira Abdul Rahim to Najmi Pasarudin
#7 Updated by Najmi Pasarudin over 2 years ago
- Status changed from Pending Prod Deployment to Pending Review
- Assignee changed from Najmi Pasarudin to Nurul Athira Abdul Rahim
Production deployed on 4/3/2022
#8 Updated by Nurul Athira Abdul Rahim about 2 years ago
- Status changed from Pending Review to Work Completed-End life cycle
- % Done changed from 90 to 100