Support #12949
[SCP ID :##6257##] : eCustody Web APP Pentest findings FY2022
Status: | Closed - End of life cycle | Start date: | April 25, 2022 | |
---|---|---|---|---|
Priority: | Normal | Due date: | ||
Assignee: | Zahir Abd Latif | % Done: | 100% | |
Category: | - | Spent time: | - | |
Target version: | - |
Description
Hi,
Kindly attend below request:-
Need assist to check below Source code which findings based on UAT codes.
Pls assist to check and revert whether It has same impact at Production codes.
If Yes, then we need to fix it. Attach finding reports for your reference.
Assessment
Application Name
Apps Owner
Status
Severity
Finding Details
Source Code Review
e-Custody
Poo Balan A/L Jairam
OPEN
HIGH
Unsupported Algorithms (DES nor DESede)
History
#1 Updated by Najmi Pasarudin over 2 years ago
- Assignee changed from Najmi Pasarudin to Siti Nursyahira Suhaimi
#2 Updated by Siti Nursyahira Suhaimi over 2 years ago
- Status changed from New - Begin Life Cycle to Development / Work In Progress
#3 Updated by Siti Nursyahira Suhaimi over 2 years ago
- % Done changed from 0 to 50
#4 Updated by Siti Nursyahira Suhaimi over 2 years ago
- % Done changed from 50 to 90
#5 Updated by Siti Nursyahira Suhaimi over 2 years ago
- Status changed from Development / Work In Progress to Pending Customer Feedback
Issues:
Source Code review, Data Encryption Standard (DES) is no longer considered secure to use.
Findings:
The DES method is currently unused on any module inside eCustody.
Solution:
Comment/Remove the DES method.
#6 Updated by Zahir Abd Latif over 2 years ago
- Assignee changed from Siti Nursyahira Suhaimi to Zahir Abd Latif
- % Done changed from 90 to 100
#7 Updated by Zahir Abd Latif over 2 years ago
- Status changed from Pending Customer Feedback to Closed - End of life cycle
Issue closed in SCP.