Feature #267: [Security Audit Round 2 ] Default pages disclosed - E-Arogya - Redmine

Actions

Copy link

Feature #267

open

Feature #235: [Security Audit Round 2 ]

[Security Audit Round 2 ] Default pages disclosed

Added by Kalyan Battula 12 months ago. Updated 11 months ago.

Status:

Ready for Prod

Priority:

High

Assignee:

Uday Kumar Dara

Category:

Target version:

Security Audit

Start date:

01/05/2024

Due date:

% Done:

Estimated time:

Deployed In:

Category:

Description

Default pages disclosed
observation : New
CWE : CWE-284
Description :
Certain default login pages are being disclosed in the application such plesk panel login
Affected Path(s) :
https://snomed.satragroup.in/
Impact :
Adversary can perform brute force attacks to gain unauthorized access.
Evidence/Proof Of Concept :
Step 1: Apache tomcat server page is disclosed as shown in below screenshot.

Recommendation :
It is recommended to restrict direct access to such web pages.

Files

clipboard-202405011303-uhl9g.png (120 KB) clipboard-202405011303-uhl9g.png

Kalyan Battula, 01/05/2024 01:03 PM

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

E-Arogya

Custom queries

Feature #267

[Security Audit Round 2 ] Default pages disclosed

Updated by Vasudev Mamidi 12 months ago

Updated by Harish Beechani 12 months ago

Updated by Sivakanth Kesiraju 12 months ago

Updated by Sivakanth Kesiraju 12 months ago

Updated by Harish Beechani 11 months ago