Support #13285: [SCP ID :##6486##] : VAPT Findings - BIF-102545 - Kelemahan Backdate - Create SLA Management - BI FAST Support - Penril Support System

Support #13285

[SCP ID :##6486##] : VAPT Findings - BIF-102545 - Kelemahan Backdate - Create SLA Management

Added by Zahir Abd Latif almost 2 years ago. Updated almost 2 years ago.

Status:

Closed - End of life cycle

Start date:

October 26, 2022

Priority:

Normal

Due date:

Assignee:

Zahir Abd Latif

% Done:

100%

Category:

Spent time:

Target version:

Description

Hi,
Kindly attend below request:-

Deskripsi :

Pengujian pada aplikasi BIFAST menunjukan aplikasi memiliki kelemahan backdate terhadap fungsi create SLA Management

Situs Target :

https://10.170.136.228/bifast-portal/ss227/slaMgmtCreateConfirm.do

Rekomendasi :

Kami sarankan untuk implementasi verifikasi pada tanggal yang digunakan dalam fungsi untuk mencegah serangan backdate dan melakukan validasi terhadap fungsi date di sisi server bukan hanya pada sisi client

7. Create SLA Management.png (587 KB) Zahir Abd Latif, October 26, 2022 19:53

7.1 Create SLA Management.png (519 KB) Zahir Abd Latif, October 26, 2022 19:53

7.2 Create SLA Management.png (195 KB) Zahir Abd Latif, October 26, 2022 19:53

History

#1 Updated by Stephanie Sufrapto almost 2 years ago

Status changed from New - Begin Life Cycle to User Acceptance Test
Assignee set to Zahir Abd Latif
% Done changed from 0 to 100

Provide patch Version 2.0.105 at 8 October 2022

#2 Updated by Zahir Abd Latif almost 2 years ago

Status changed from User Acceptance Test to Closed - End of life cycle

Issue closed in SCP.

Also available in: Atom PDF

B - Production Support » BI FAST Support

Issues

Support #13285

[SCP ID :##6486##] : VAPT Findings - BIF-102545 - Kelemahan Backdate - Create SLA Management

History

#1 Updated by Stephanie Sufrapto almost 2 years ago

#2 Updated by Zahir Abd Latif almost 2 years ago