Support #7901
[SCP ID :##4135##] : eCustody Production Pentest Finding
| Status: | Closed - End of life cycle | Start date: | October 04, 2017 |
|---|---|---|---|
| Priority: | High | Due date: | October 06, 2017 |
| Assignee: | Zahir Abd Latif | % Done: | 100% |
| Category: | - | Spent time: | - |
| Target version: | - | | |
Description
Hi,
Kindly attend to the request below:
Recently, IT Security came out with the Pentest findings on eCustody Production. There are 2 vulnerabilities, which are high and medium risk.
High – Cross Site Scripting (XSS)
Medium - Session cookies without HttpOnly flag
The High risk item needs to be resolved within 1 month. The Pentest Assessment report has already been shared via email with Penril support of eCustody.
Please assist to check and revert ASAP.
History
#1 Updated by Najmi Pasarudin almost 7 years ago
- Due date set to October 06, 2017
- Start date changed from October 02, 2017 to October 04, 2017
#2 Updated by Najmi Pasarudin almost 7 years ago
#3 Updated by Najmi Pasarudin almost 7 years ago
- Status changed from New - Begin Life Cycle to Development / Work In Progress
From Lee Siew Peng
Hi Najmi,
As spoken, on the 2 vulnerability items below:
1. High – Cross Site Scripting (XSS) – Please assist to check the JSP for the login page and after login also.
2. Medium - Session cookies without HttpOnly flag. Please help to update the <cookie-http-only> flag to ’true’. Attached herewith is the weblogic.xml file.
#4 Updated by Najmi Pasarudin almost 7 years ago
- Status changed from Development / Work In Progress to User Acceptance Test
- % Done changed from 0 to 90
Patch has been sent to client for testing. Pending test result.
#5 Updated by Najmi Pasarudin almost 7 years ago
- Assignee changed from Najmi Pasarudin to Zahir Abd Latif
#6 Updated by Najmi Pasarudin almost 7 years ago
- Status changed from User Acceptance Test to Pending Customer Feedback
Issue was deployed on Friday, 03/11/2017.
#7 Updated by Zahir Abd Latif almost 7 years ago
- Status changed from Pending Customer Feedback to Closed - End of life cycle
- % Done changed from 90 to 100
Issue closed in SCP.