Task #12981

Updated by Najmi Pasarudin about 2 years ago

During the assessment, the LGMS security team identified that packet replay against the fund transfer function is possible by reusing the HTTP request packet. As a result, a malicious user could perform duplicate transactions consecutively. It is worth noting that packet replay may also cause service interruption if a high volume of packets is triggered.

A replay attack is a form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who intercepts the data and re-transmits it, possibly as part of a masquerade attack by IP packet substitution.

Solution:


Action Plan:

Add JID to the user session feature at the database for every transaction in the following modules:
# Own transfer
# Third party transfer
# Interbank transfer
# DuitNow transfer
# RENTAS transfer
# Bill payment
# Jompay
# Authorization for above modules
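As an added illustration of the action plan (example code, not from this ticket or the application): a one-time JID is minted per transaction and bound to the user session, so a second submission of the same HTTP request is rejected instead of creating a duplicate transaction. "JID" is taken here to mean a per-transaction identifier; the in-memory store, session ids and function names are constructed stand-ins for the real database tables.

```python
import secrets
from dataclasses import dataclass, field


@dataclass
class Store:
    """Constructed in-memory stand-in for the session and transaction tables."""
    session_jids: dict = field(default_factory=dict)  # (session_id, jid) -> "issued" | "used"
    transactions: list = field(default_factory=list)


def issue_jid(store: Store, session_id: str) -> str:
    """Step 1: when the transfer form is rendered, mint a one-time JID bound to this session."""
    jid = secrets.token_urlsafe(32)          # unguessable, so an attacker cannot mint their own
    store.session_jids[(session_id, jid)] = "issued"
    return jid


def submit_transfer(store: Store, session_id: str, jid: str, module: str, amount: int) -> str:
    """Step 2: accept a transfer only if its JID was issued to this session and is still unused."""
    key = (session_id, jid)
    state = store.session_jids.get(key)
    if state is None:
        return "rejected: unknown JID for this session"  # forged JID, or one issued to another session
    if state == "used":
        return "rejected: replayed JID"                  # a replayed HTTP request lands here
    # Consume the JID before recording the transaction. In a real database this transition
    # must be one atomic conditional update (UPDATE ... WHERE state = 'issued', check row count)
    # so two concurrent copies of the same request cannot both pass the check above.
    store.session_jids[key] = "used"
    store.transactions.append((session_id, module, amount, jid))
    return "accepted"


def demo() -> list:
    """Constructed scenario: one legitimate transfer, the same packet replayed, and a cross-session reuse."""
    store = Store()
    jid = issue_jid(store, "sess-A")
    return [
        submit_transfer(store, "sess-A", jid, "Own transfer", 100),  # legitimate request
        submit_transfer(store, "sess-A", jid, "Own transfer", 100),  # identical request replayed
        submit_transfer(store, "sess-B", jid, "Own transfer", 100),  # JID presented from another session
    ]


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```

The same issue-and-consume pattern applies to every module in the list above, including the authorization step, since a replayed authorization request would otherwise approve a duplicate.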
