Support #13292

[SCP ID :##6493##] : VAPT Findings - BIF-103436 - Access Restriction Weakness - Participant Maintenance

Added by Zahir Abd Latif almost 2 years ago. Updated almost 2 years ago.

Status: Closed - End of life cycle
Start date: October 26, 2022
Priority: Normal
Due date:
Assignee: Zahir Abd Latif
% Done: 100%
Category: -
Spent time: -
Target version: -

Description

Hi,
Kindly attend to the request below:

Description:

Testing of the BIFAST application shows that the application has an access restriction weakness whereby an attacker can use the "FAST_AdminChecker" account to access functions that belong to the admin.

Target System:

http://10.170.136.228/bifast-portal/ss120/bankEnquiryDetail.do?selected3=BANKDETAIL&index=0&SECONDARY_TOKEN=[SECONDARY_TOKEN]

Recommendation:

We recommend implementing prevention on the application's functions in accordance with the access matrix, by enforcing the restriction logically within the application.

29. PARTICIPANT MAINTENANCE.png (525 KB) Zahir Abd Latif, October 26, 2022 23:25

29.1 PARTICIPANT MAINTENANCE.png (193 KB) Zahir Abd Latif, October 26, 2022 23:25
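As an added illustration of the recommended fix (example code written for this page, not BIFAST's own code): a default-deny authorization check driven by an access matrix, enforced server-side on a handler named after the action in the finding, so the decision depends on the session's role rather than on anything in the request URL. The role names and matrix entries are constructed assumptions, not the application's real access matrix.

```python
"""Action-level authorization from an access matrix (added example, not BIFAST code).

Assumption (not from the ticket): the roles and matrix entries below are
constructed; the real access matrix is owned by the application team.
"""
from functools import wraps

# Constructed access matrix: action name -> roles permitted to invoke it.
# Any action not listed here is denied by default.
ACCESS_MATRIX = {
    "bankEnquiryDetail.do": {"FAST_Admin"},                    # participant maintenance
    "bankEnquiryList.do": {"FAST_Admin", "FAST_AdminChecker"},
    "participantApprove.do": {"FAST_AdminChecker"},
}

# Denied attempts are recorded so they can be fed to monitoring.
DENIED_LOG = []


class AccessDenied(Exception):
    pass


def is_permitted(role, action):
    """True only if the matrix explicitly grants this role the action."""
    return role in ACCESS_MATRIX.get(action, set())


def require_access(action):
    """Enforce the matrix on the server for a handler, independent of UI hiding."""
    def decorator(handler):
        @wraps(handler)
        def wrapper(session, *args, **kwargs):
            role = session.get("role")  # taken from the server-side session only
            if role is None or not is_permitted(role, action):
                DENIED_LOG.append((role, action))
                raise AccessDenied(f"{role!r} may not invoke {action}")
            return handler(session, *args, **kwargs)
        return wrapper
    return decorator


@require_access("bankEnquiryDetail.do")
def bank_enquiry_detail(session, index):
    """Hypothetical handler standing in for the action named in the finding."""
    return {"participant_index": index, "served_to": session["role"]}


def attempt(role, index=0):
    """Simulate a request from a session holding `role`; report the outcome."""
    try:
        bank_enquiry_detail({"role": role}, index)
        return "allowed"
    except AccessDenied:
        return "denied"
```

With the matrix above, the checker account is refused the admin-only detail action while remaining able to reach the actions granted to it.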

History

#1 Updated by Stephanie Sufrapto almost 2 years ago

  • Status changed from New - Begin Life Cycle to User Acceptance Test
  • Assignee changed from Bramantyo Pujo Wiyono to Zahir Abd Latif
  • % Done changed from 0 to 100

Provided patch version 2.0.105 on 8 November 2022.

#2 Updated by Zahir Abd Latif almost 2 years ago

  • Status changed from User Acceptance Test to Closed - End of life cycle

Issue closed in SCP.
