Support #13283

[SCP ID ID :##6484##] : VAPT Findings - BIF-102516 - User Enumeration - Captcha Function

Added by Zahir Abd Latif almost 2 years ago. Updated almost 2 years ago.

Status: Closed - End of life cycle
Start date: October 26, 2022
Priority: Normal
Due date:
Assignee: Zahir Abd Latif
% Done: 100%
Category: -
Spent time: -
Target version: -

Description

Hi,
Kindly attend to the request below:

Description:

Testing of the BIFAST application shows that the application is vulnerable to enumeration of application users, where the captcha function only appears when the username is valid.

Target Site:

http://10.170.136.228/bifast-portal//getOTP?userAlias=[username]

Recommendation:

We recommend re-checking the captcha function, which is active only for valid usernames, to prevent disclosure of application user information.

5. Fungsi Captcha.png (122 KB) Zahir Abd Latif, October 26, 2022 19:40
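The behaviour reported above next to a corrected flow, as an added example that is not part of the original ticket or the BIFAST code base. The user store, function names, response fields and the two-step captcha-then-OTP flow are all assumptions made for illustration.

```python
import secrets

USERS = {"alice", "bob"}   # constructed sample accounts
PENDING = {}               # captcha_id -> (alias, expected answer)
SENT = []                  # aliases an OTP was actually dispatched to
GENERIC = "If the account exists, an OTP has been sent."

def get_otp_vulnerable(user_alias):
    """Behaviour reported in the finding: captcha appears only for valid usernames."""
    return {"captcha_required": user_alias in USERS}

def get_otp_hardened(user_alias):
    """Issue a captcha for every alias, without consulting the user store."""
    captcha_id = secrets.token_hex(8)
    PENDING[captcha_id] = (user_alias, secrets.token_hex(3))
    return {"captcha_required": True, "captcha_id": captcha_id}

def submit_captcha(captcha_id, answer):
    """Check the captcha first; look up the account only afterwards."""
    alias, expected = PENDING.pop(captcha_id, (None, None))
    if expected is None or not secrets.compare_digest(
            answer.encode(), expected.encode()):
        return {"ok": False, "message": "Captcha incorrect."}
    if alias in USERS:
        SENT.append(alias)  # stand-in for the real OTP dispatch (hypothetical)
    # Same message whether or not the alias exists.
    return {"ok": True, "message": GENERIC}

def leaks_validity(handler, known="alice", unknown="no-such-user"):
    """Regression check: do the responses differ once random ids are ignored?"""
    def shape(resp):
        return {k: v for k, v in resp.items() if k != "captcha_id"}
    return shape(handler(known)) != shape(handler(unknown))
```

A check like `leaks_validity` compares response bodies only; response status, headers and timing for valid and invalid usernames need the same comparison during retest.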

History

#1 Updated by Stephanie Sufrapto almost 2 years ago

  • Status changed from New - Begin Life Cycle to User Acceptance Test
  • Assignee changed from Bramantyo Pujo Wiyono to Zahir Abd Latif
  • % Done changed from 0 to 100

Provide patch Version 2.0.105 at 8 October 2022

#2 Updated by Zahir Abd Latif almost 2 years ago

  • Status changed from User Acceptance Test to Closed - End of life cycle

Issue closed in SCP.
