Task #12968
Support #12933: [SCP ID :##6249##] : Mobile Pentest Remediation
[SCP ID :##6249##] : Mobile Pentest Remediation L1 Missing Function Level Access Control (MFLAC)
| Status: | Internal Testing | Start date: | May 10, 2022 | ||
|---|---|---|---|---|---|
| Priority: | Normal | Due date: | |||
| Assignee: |  Nurul Athira Abdul Rahim | % Done: | 90% | ||
| Category: | - | Spent time: | - | ||
| Target version: | - |
Description
Issue: Restful allows Payment and eStatement without password login
Finding: Restful relies on mobile password login popup. LGMS can bypass the popup.
Solution: Add database mobile login status and check at every transaction
Test step:
Finding: Restful relies on mobile password login popup. LGMS can bypass the popup.
Solution: Add database mobile login status and check at every transaction
Test step:
- Access mobile application
- Enter login password
- Access Payment and Transfer
- Make Own account transfer
- Expected result, transfer status is successful/pending approval
- Repeat testing for Loan, Corporate Card, Third Party, Interbank, DuitNow, RENTAS, Bill Payment and Jompay
- Repeat testing for Android and IOS
Related issues
History
#1
Updated by Najmi Pasarudin over 2 years ago
- Description updated (diff)
#2
Updated by Najmi Pasarudin over 2 years ago
- Subject changed from Mobile Pentest Remediation L1 Missing Function Level Access Control (MFLAC) to [SCP ID :##6249##] : Mobile Pentest Remediation L1 Missing Function Level Access Control (MFLAC)
#3
Updated by Najmi Pasarudin over 2 years ago
- Status changed from New - Begin Life Cycle to Development / Work In Progress
#4
Updated by Najmi Pasarudin over 2 years ago
- Description updated (diff)
#5
Updated by Najmi Pasarudin over 2 years ago
- % Done changed from 0 to 50
#6
Updated by Najmi Pasarudin over 2 years ago
- Status changed from Development / Work In Progress to Pending SIT Deployment
- % Done changed from 50 to 90
#7
Updated by Najmi Pasarudin over 2 years ago
- Status changed from Pending SIT Deployment to Finished Development
#8
Updated by Najmi Pasarudin over 2 years ago
- Status changed from Finished Development to Internal Testing
#9
Updated by Najmi Pasarudin over 2 years ago
- Assignee changed from Najmi Pasarudin to Nurul Syahirah Md Nawi
Test steps refer to Description
#10
Updated by Nurul Athira Abdul Rahim about 2 years ago
- Status changed from Internal Testing to Development / Work In Progress
- Assignee changed from Nurul Syahirah Md Nawi to Najmi Pasarudin
#11
Updated by Najmi Pasarudin about 2 years ago
- Status changed from Development / Work In Progress to Internal Testing
- Assignee changed from Najmi Pasarudin to Nurul Athira Abdul Rahim
Hi Athira,
Attached is response image,L1_result20220718.png.
- Access mobile apk
- Login using fingerprint login
- Bypass login password page - requires Mobile Team help
- Access Own account transfer or any transaction module
- Expected result, get error "Please proceed to normal login."
#12
Updated by Najmi Pasarudin about 2 years ago
- File L1_update20220718.png added
- File L1_result20220718.png added
#13
Updated by Nurul Athira Abdul Rahim over 1 year ago
- Assignee changed from Nurul Athira Abdul Rahim to Rahmat Aina Nadia
Aina and felix o test this issue on local.
To provide another APK to test this item, seperate with other item.
#14
Updated by Rahmat Aina Nadia over 1 year ago
- File fingerprint_bypasslogin_L6.jpg added
- Assignee changed from Rahmat Aina Nadia to Nurul Athira Abdul Rahim
Hi Athira,
mobile has tested this scenario.
However, we didn't get the expected error "Please proceed to normal login."
We get "Service is currently Unavailable". Please refer to the image attached.
#15
Updated by Norhaidah Md Dasuki over 1 year ago
- Tracker changed from Support to Task