Support #13290
[SCP ID :##6491##] : VAPT Findings - BIF-103434 - Access Restriction Weakness - Selected Batch Job
| Status: | Closed - End of life cycle | Start date: | October 26, 2022 |
|---|---|---|---|
| Priority: | Normal | Due date: | |
| Assignee: | Bramantyo Pujo Wiyono | % Done: | 100% |
| Category: | - | Spent time: | - |
| Target version: | - | | |
Description
Hi,
Kindly attend to the request below:
Description :
Testing of the BIFAST application shows that the application has a weakness in access restriction, whereby an attacker can use the "FAST_AdminChecker" account to access functions belonging to the admin.
Target System :
https://10.170.136.228/bifast-portal/ss101/batchJobDashboard.do?selectedBatchJob=
Recommendation :
We recommend implementing prevention on application functions in accordance with the access matrix by enforcing the restrictions in the application's logic.
History
#1 Updated by Stephanie Sufrapto almost 2 years ago
- Status changed from New - Begin Life Cycle to User Acceptance Test
- % Done changed from 0 to 100
Provide patch Version 2.0.105 at 8 October 2022
#2 Updated by Rayvandy Gabbytian 12 months ago
Bram, Sep 5, 2023:
Applied to Phase2 GA release
#3 Updated by Bramantyo Pujo Wiyono 8 months ago
- Status changed from User Acceptance Test to Closed - End of life cycle
Deployed with Phase2 prod deployment 18Nov2023