Support #13283
[SCP ID ID :##6484##] : VAPT Findings - BIF-102516 - User Enumeration - Captcha Function
Status: | Closed - End of life cycle | Start date: | October 26, 2022 |
---|---|---|---|
Priority: | Normal | Due date: | |
Assignee: | Zahir Abd Latif | % Done: | 100% |
Category: | - | Spent time: | - |
Target version: | - | | |
Description
Hi,
Kindly attend to the request below:
Description:
Testing of the BIFAST application shows that the application is vulnerable to enumeration of its users: the captcha function appears only when a valid username is supplied.
Target Site:
http://10.170.136.228/bifast-portal//getOTP?userAlias=[username]
Recommendation:
We recommend re-checking the captcha function, which is currently active only for valid usernames, to prevent disclosure of information about the application's users.
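
An added example, not part of the original ticket and not BIFAST code, contrasting the behaviour the finding describes with a handler whose captcha requirement and response do not depend on whether the alias exists, plus a regression check for the difference. The function names, the user table and the response fields are assumptions made for illustration.

```python
# Constructed sample data (assumption): one registered alias and its OTP destination.
USERS = {"alice": "+62-000-0001"}
SENT = []  # records OTP deliveries so the behaviour can be checked offline


def send_otp(destination):
    """Stand-in for the real OTP delivery channel (hypothetical helper)."""
    SENT.append(destination)


def get_otp_vulnerable(user_alias):
    """Behaviour described in the finding: captcha is shown only for a valid alias."""
    if user_alias in USERS:
        return {"status": 200, "captcha_required": True,
                "message": "Solve the captcha to receive an OTP"}
    return {"status": 200, "captcha_required": False, "message": "Invalid user"}


def get_otp_hardened(user_alias, captcha_ok=False):
    """Captcha is demanded for every request, before any user lookup happens."""
    if not captcha_ok:
        return {"status": 200, "captcha_required": True,
                "message": "Solve the captcha to continue"}
    # The lookup happens only after the captcha, and its outcome is never
    # reflected in the response body or status.
    if user_alias in USERS:
        send_otp(USERS[user_alias])
    return {"status": 200, "captcha_required": False,
            "message": "If the account exists, an OTP has been sent"}


def leaks_user_existence(handler, known_alias, unknown_alias, **kwargs):
    """Regression check: True when the two responses can be told apart.

    Compares response content only; response timing is out of scope here.
    """
    return handler(known_alias, **kwargs) != handler(unknown_alias, **kwargs)


if __name__ == "__main__":
    print("vulnerable leaks:", leaks_user_existence(get_otp_vulnerable, "alice", "nobody"))
    print("hardened leaks:  ", leaks_user_existence(get_otp_hardened, "alice", "nobody"))
    print("hardened leaks after captcha:",
          leaks_user_existence(get_otp_hardened, "alice", "nobody", captcha_ok=True))
```

The same comparison can be kept in the test suite for the patched release so that a later change to the captcha logic does not reintroduce the difference.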
History
#1 Updated by Stephanie Sufrapto almost 2 years ago
- Status changed from New - Begin Life Cycle to User Acceptance Test
- Assignee changed from Bramantyo Pujo Wiyono to Zahir Abd Latif
- % Done changed from 0 to 100
Provide patch Version 2.0.105 at 8 October 2022
#2 Updated by Zahir Abd Latif almost 2 years ago
- Status changed from User Acceptance Test to Closed - End of life cycle
Issue closed in SCP.