Project

General

Profile

Actions
Copy link

Feature #267

open

Feature #235: [Security Audit Round 2 ]

[Security Audit Round 2 ] Default pages disclosed

Added by Kalyan Battula 12 months ago. Updated 11 months ago.

Status:
Ready for Prod
Priority:
High
Assignee:
Uday Kumar Dara
Category:
-
Target version:
Security Audit
Start date:
01/05/2024
Due date:
% Done:

0%

Estimated time:
Deployed In:
Category:

Description

Default pages disclosed
observation : New
CWE : CWE-284
Description :
Certain default login pages are being disclosed in the application such plesk panel login
Affected Path(s) :
https://snomed.satragroup.in/
Impact :
Adversary can perform brute force attacks to gain unauthorized access.
Evidence/Proof Of Concept :
Step 1: Apache tomcat server page is disclosed as shown in below screenshot.

Recommendation :
It is recommended to restrict direct access to such web pages.

Files

clipboard-202405011303-uhl9g.png (120 KB) clipboard-202405011303-uhl9g.png Kalyan Battula, 01/05/2024 01:03 PM
Actions
Copy link
 #1

Updated by Vasudev Mamidi 12 months ago

  • Assignee set to Uday Kumar Dara
Actions
Copy link
 #2

Updated by Harish Beechani 12 months ago

  • Status changed from New to Resolved
Actions
Copy link
 #3

Updated by Sivakanth Kesiraju 12 months ago

  • Target version set to Sprint 1 (29th April - 3rd May)
Actions
Copy link
 #4

Updated by Sivakanth Kesiraju 12 months ago

  • Target version changed from Sprint 1 (29th April - 3rd May) to Security Audit
Actions
Copy link
 #5

Updated by Harish Beechani 11 months ago

  • Status changed from Resolved to Ready for Prod
Actions
Copy link

Also available in: Atom PDF