Support #13290

[SCP ID :##6491##] : VAPT Findings - BIF-103434 - Access Restriction Weakness - Selected Batch Job

Added by Zahir Abd Latif almost 2 years ago. Updated 8 months ago.

Status: Closed - End of life cycle
Start date: October 26, 2022
Priority: Normal
Due date:
Assignee: Bramantyo Pujo Wiyono
% Done: 100%
Category: -
Spent time: -
Target version: -

Description

Hi,
Kindly attend to the request below:

Description:

Testing of the BIFAST application shows that the application has an access restriction weakness: an attacker can use the "FAST_AdminChecker" account to access functions that belong to admin.

Target System:

https://10.170.136.228/bifast-portal/ss101/batchJobDashboard.do?selectedBatchJob=

Recommendation:

We recommend implementing preventive controls on the application's functions in line with the access matrix, by applying the restrictions in the application logic.

28. SELECTED BATCH JOB.png (392 KB) Zahir Abd Latif, October 26, 2022 23:18

28.1 SELECTED BATCH JOB.png (371 KB) Zahir Abd Latif, October 26, 2022 23:18

History

#1 Updated by Stephanie Sufrapto almost 2 years ago

  • Status changed from New - Begin Life Cycle to User Acceptance Test
  • % Done changed from 0 to 100

Provide patch Version 2.0.105 at 8 October 2022

#2 Updated by Rayvandy Gabbytian 12 months ago

Bram, Sep 5, 2023:
Applied to Phase2 GA release

#3 Updated by Bramantyo Pujo Wiyono 8 months ago

  • Status changed from User Acceptance Test to Closed - End of life cycle

Deployed with Phase2 prod deployment 18Nov2023
