Support #4675
[SCP ID :##2376##] : Pentest Issue.
| Status: | Closed - End of life cycle | Start date: | September 10, 2014 |
|---|---|---|---|
| Priority: | Normal | Due date: | |
| Assignee: | Zahir Abd Latif | % Done: | 100% |
| Category: | - | Spent time: | - |
| Target version: | - | | |
Description
Hi,
Kindly attend below request:
Pentest issue : WEB-IB002 - Application error message.
The details are based on our Vulnerability Assessment and Penetration Testing 2013 report. The affected item is the KFH Internet Banking website with URL: www.kfh.com.my. The details are as below:
Issue Code : WEB-IB002
Affected URL : displayPage
Sample URL : http://www.kfh.com.my/kfhmb/v2/programView.do?channelId=-9182&contentTypeId=3001&displayPage=/ep/common/layoutBody.jsp&field=DISPLAY_ORDER&pageTypeId=8610&programId=10768
Screen Capture :
History
#1 Updated by Zahir Abd Latif almost 10 years ago
Dear Shuhaida,
There is no update on this case since September 10, please help to follow up to see whether we can close this case or update the status.
Thanks.
#2 Updated by Zahir Abd Latif almost 10 years ago
- Assignee changed from Nor Shuhaida Subri to Yap Kah Yan
Dear Kah Yan,
Please assist regarding this issue.
Refer email : [Request ID :##2376##] : Pentest Issue
Thanks.
#3 Updated by Zahir Abd Latif over 9 years ago
Dear Kah Yan,
Any updates on this case?
Thanks.
#4 Updated by Zahir Abd Latif over 9 years ago
Dear Kah Yan,
This issue is still pending since September 10, 2014.
Please update and follow up with customer.
Kak Haida, please advise on this case.
Thanks.
#5 Updated by Zahir Abd Latif over 9 years ago
Dear Kah Yan,
I understand that you are very busy with other production problems, but this issue has been pending for more than 4 months.
The user has yet to receive a resolution from us until today.
Kindly respond and assist to update the current status in Redmine.
Kak Haida/Lee Yong, please advise on this case.
Thanks.
#6 Updated by Yap Kah Yan over 9 years ago
- File pentest-testing_result.docx added
Hi Zahir,
This issue was unable to be replicated in the development / staging environment.
Attached is the result.
Will need a senior to look into this issue.
Thank you.
#7 Updated by Zahir Abd Latif over 9 years ago
- Status changed from New - Begin Life Cycle to Development / Work In Progress
#8 Updated by Yap Kah Yan over 9 years ago
- Status changed from Development / Work In Progress to Pending Customer Feedback
The given sample URL from the pentest is pointing to the old version of kfhmb (before revamp to ver2).
Our suggestion is to set all old versions of kfhmb offline if they are not in use.
This is a sample URL of the ver2 version:
http://www.kfh.com.my/kfhmb/v2/contentView.do?contentTypeId=3000&displayPage=%2Fver2%2Fcontent%2Fstandard.jsp&channelPath=%2Fver2%2Fv2_Navigation%2FOnline+Banking&programName=01_OBKFH&tabId=4&cntName=02-HowToSignUp
Sample of affected URL given in pentest:
1. http://www.kfh.com.my/kfhmb/v2/programView.do?channelId=-9182&contentTypeId=3001&displayPage=/ep/common/layoutBody.jsp&field=DISPLAY_ORDER&pageTypeId=8610&programId=10768
Issue Code : WEB-IB002
Affected URL : displayPage
Sample URL : http://www.kfh.com.my/kfhmb/v2/programView.do?channelId=-9182&contentTypeId=3001&displayPage=/ep/common/layoutBody.jsp&field=DISPLAY_ORDER&pageTypeId=8610&programId=10768
#9 Updated by Zahir Abd Latif over 9 years ago
Email from Kah Yan 04/02/2015,
Hi Surianie,
Kindly test this issue in UAT by setting FAQ status to offline in BVMC Staging.
Path: Navigation > Top-Level Page > Customer Care > FAQ
After FAQ is set to offline, please do a comfort test at kfhmb Staging.
In Production, the path is Navigation > Top-Level Page > Customer Care > Channel FAQ
#10 Updated by Zahir Abd Latif over 9 years ago
- Status changed from Pending Customer Feedback to Closed - End of life cycle
- Assignee changed from Yap Kah Yan to Zahir Abd Latif
- % Done changed from 0 to 100
Refer email : Re: [Request ID :##2376##] : Pentest Issue
Case closed.