Task #12943

Support #12933: [SCP ID :##6249##] : Mobile Pentest Remediation

[SCP ID :##6249##] : Mobile Pentest Remediation M1 Insecure Direct Object Reference (IDOR) Android

Added by Najmi Pasarudin over 2 years ago. Updated over 1 year ago.

Status: Pending UAT Deployment
Start date: April 22, 2022
Priority: Normal
Due date:
Assignee: Binti Marobi Athirah Umairah
% Done: 100%
Category: PCI DSS - Pentest
Spent time: -
Target version: -

Description

Hi Fadhly, please update the APK with the following requirement.

- no changes
  IBAccountEnquiry/transactionHistory

- set linkedAccounts = null
  IBOwnFundTransferServices/fundTransferDetails
  IBLoanFundTransferServices/fundTransferDetails
  IBCorpCardFundTransferServices/fundTransferDetails
  IBThirdPartyFTServices/fundTransferDetails
  IBInterbankFundTransferServices/fundTransferDetails
  IBRppFundTransferServices/fundTransferDetails
  IBRentasFundTransferServices/fundTransferDetails
  IBNbpsPaymentServices/nbpsPaymentDetail

Test step:
  1. Access mobile application
  2. Access Transaction history
  3. Check account list. Make sure it is the allowed account set by Corporate Admin.
  4. Repeat testing at Details page for Own Account, Loan, Corporate Card, Third Party, Interbank, DuitNow, RENTAS, Bill Payment and Jompay.

Pentest Remediation_#12943.pdf (3.79 MB) Nurul Syahirah Md Nawi, April 26, 2022 12:11

History

#1 Updated by Najmi Pasarudin over 2 years ago

  • Category set to PCI DSS - Pentest

#2 Updated by Bin Hamzah Muhammad Fadhly over 2 years ago

  • Assignee changed from Bin Hamzah Muhammad Fadhly to Rahmat Aina Nadia

#3 Updated by Rahmat Aina Nadia over 2 years ago

  • Status changed from New - Begin Life Cycle to Development / Work In Progress

#4 Updated by Rahmat Aina Nadia over 2 years ago

  • Status changed from Development / Work In Progress to Internal Testing
  • Assignee changed from Rahmat Aina Nadia to Nurul Syahirah Md Nawi
  • % Done changed from 0 to 90

#5 Updated by Nurul Syahirah Md Nawi over 2 years ago

Tested & passed

#6 Updated by Nurul Syahirah Md Nawi over 2 years ago

  • Assignee changed from Nurul Syahirah Md Nawi to Nurul Athira Abdul Rahim

#7 Updated by Nurul Athira Abdul Rahim over 2 years ago

  • Status changed from Internal Testing to System Integration Test

#8 Updated by Nurul Athira Abdul Rahim about 2 years ago

  • % Done changed from 90 to 100

#9 Updated by Nurul Athira Abdul Rahim over 1 year ago

  • Status changed from System Integration Test to Pending UAT Deployment
  • Assignee changed from Nurul Athira Abdul Rahim to Rahmat Aina Nadia

Please deploy these fixes to UAT.

Thanks

#10 Updated by Rahmat Aina Nadia over 1 year ago

  • Assignee changed from Rahmat Aina Nadia to Binti Marobi Athirah Umairah

Hi Umai,

Kindly refer to the link below for the UAT APK. The APK link in the Google Sheet is also updated.

https://drive.google.com/file/d/1IaK9xpXygbTlXJWvJZZxvToz1U_Gamqi/view?usp=share_link

#11 Updated by Norhaidah Md Dasuki over 1 year ago

  • Tracker changed from Support to Task
