Feature #272: [Security Audit Round 2 ] Improper Error Handling - E-Arogya - Redmine

Actions

Copy link

Feature #272

open

Feature #235: [Security Audit Round 2 ]

[Security Audit Round 2 ] Improper Error Handling

Added by Kalyan Battula 12 months ago. Updated 11 months ago.

Status:

Ready for Prod

Priority:

High

Assignee:

Uday Kumar Dara

Category:

Target version:

Security Audit

Start date:

01/05/2024

Due date:

% Done:

Estimated time:

Deployed In:

Category:

Description

Improper Error Handling
observation : New
CWE : CWE-388
Description :
Application discloses various error messages including stacktraces, exceptions, server
versions etc., in error messages.
Affected Path(s) :
/(Webserver)
Impact :
An adversary can use this information to construct further attacks.
Evidence/Proof Of Concept :
Step 1: Improper Error Handling as shown in below screenshot.

Step 2: Improper Error Handling as shown in below screenshot.

Files

Download all files

clipboard-202405011311-nj1vh.png (28.1 KB) clipboard-202405011311-nj1vh.png		Kalyan Battula, 01/05/2024 01:11 PM
clipboard-202405011311-urdtr.png (8.99 KB) clipboard-202405011311-urdtr.png		Kalyan Battula, 01/05/2024 01:11 PM

Actions

Copy link

Updated by Kalyan Battula 12 months ago

Kalyan Battula wrote:

Improper Error Handling
observation : New
CWE : CWE-388
Description :
Application discloses various error messages including stacktraces, exceptions, server
versions etc., in error messages.
Affected Path(s) :
/(Webserver)
Impact :
An adversary can use this information to construct further attacks.
Evidence/Proof Of Concept :
Step 1: Improper Error Handling as shown in below screenshot.

Step 2: Improper Error Handling as shown in below screenshot.

Recommendation :
It is recommended to implement custom error pages and implement throughout the
application.

Actions

Copy link