Support #13292
[SCP ID :##6493##] : VAPT Findings - BIF-103436 - Access Restriction Weakness - Participant Maintenance
Status: | Closed - End of life cycle | Start date: | October 26, 2022 |
---|---|---|---|
Priority: | Normal | Due date: | |
Assignee: | Zahir Abd Latif | % Done: | 100% |
Category: | - | Spent time: | - |
Target version: | - | | |
Description
Hi,
Kindly attend to the request below:
Description:
Testing of the BIFAST application shows that the application has an access restriction weakness in which an attacker can use the "FAST_AdminChecker" account to access functions belonging to the admin.
Target System:
Recommendation:
We recommend implementing preventive controls on application functions in accordance with the access matrix by applying logic-level restrictions within the application.
History
#1 Updated by Stephanie Sufrapto almost 2 years ago
- Status changed from New - Begin Life Cycle to User Acceptance Test
- Assignee changed from Bramantyo Pujo Wiyono to Zahir Abd Latif
- % Done changed from 0 to 100
Provide patch Version 2.0.105 on 8 November 2022
#2 Updated by Zahir Abd Latif almost 2 years ago
- Status changed from User Acceptance Test to Closed - End of life cycle
Issue closed in SCP.