Support #7901

SCP ID 4135: eCustody Production Pentest Finding

Added by Zahir Abd Latif almost 7 years ago. Updated almost 7 years ago.

Status: Closed - End of life cycle
Start date: October 04, 2017
Priority: High
Due date: October 06, 2017
Assignee: Zahir Abd Latif
% Done: 100%
Category: -
Spent time: -
Target version: -

Description

Hi,
Kindly attend below request:

Recently, IT Security has released the pentest findings on eCustody Production. There are 2 vulnerabilities, one high risk and one medium risk.
High - Cross Site Scripting (XSS)
Medium - Session cookies without HttpOnly flag

The High risk item needs to be resolved within 1 month. The pentest assessment report has already been shared via email to Penril support for eCustody.

Please assist to check and revert asap.

Maybank eCustody Web Application Assessment.pdf (1.27 MB) Najmi Pasarudin, October 04, 2017 10:12

History

#1 Updated by Najmi Pasarudin almost 7 years ago

  • Due date set to October 06, 2017
  • Start date changed from October 02, 2017 to October 04, 2017

#3 Updated by Najmi Pasarudin almost 7 years ago

  • Status changed from New - Begin Life Cycle to Development / Work In Progress

From Lee Siew Peng

Hi Najmi,

As discussed, on the 2 vulnerability items below:

1. High - Cross Site Scripting (XSS) - Please assist to check the JSP for the login page and also the pages after login.
2. Medium - Session cookies without HttpOnly flag. Please help to update the <cookie-http-only> flag to 'true'. The weblogic.xml file is attached herewith.
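
Added illustration, not the weblogic.xml attached to this ticket (the attachment itself is not reproduced on the page): the session-descriptor fragment in which the <cookie-http-only> flag discussed above lives, with the flag set to true. The element names are WebLogic's own deployment descriptor elements; the surrounding file content and the cookie-secure setting are assumptions for the example, since the ticket only asks for HttpOnly.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Example weblogic.xml session settings (constructed for illustration,
     not the file attached to the ticket). -->
<weblogic-web-app xmlns="http://xmlns.oracle.com/weblogic/weblogic-web-app">
  <session-descriptor>
    <!-- Marks the JSESSIONID session cookie HttpOnly so page scripts
         cannot read it via document.cookie; this is the medium finding. -->
    <cookie-http-only>true</cookie-http-only>
    <!-- Assumed extra hardening: only send the cookie over HTTPS. -->
    <cookie-secure>true</cookie-secure>
  </session-descriptor>
</weblogic-web-app>
```

Set the flag explicitly rather than relying on the server default, so the behaviour does not change between WebLogic versions. After redeploying, confirm the fix by inspecting a login response: the Set-Cookie header for JSESSIONID must carry the HttpOnly attribute, which is the check the pentest re-test will perform.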

#4 Updated by Najmi Pasarudin almost 7 years ago

  • Status changed from Development / Work In Progress to User Acceptance Test
  • % Done changed from 0 to 90

Patch has been sent to client for testing. Pending test result.

#5 Updated by Najmi Pasarudin almost 7 years ago

  • Assignee changed from Najmi Pasarudin to Zahir Abd Latif

#6 Updated by Najmi Pasarudin almost 7 years ago

  • Status changed from User Acceptance Test to Pending Customer Feedback

Issue was deployed on Friday, 03/11/2017.

#7 Updated by Zahir Abd Latif almost 7 years ago

  • Status changed from Pending Customer Feedback to Closed - End of life cycle
  • % Done changed from 90 to 100

Issue closed in SCP.
