Project

General

Profile

Actions
Copy link

Feature #286

open

Feature #235: [Security Audit Round 2 ]

[Security Audit Round 2 ] Port misconfiguration (Repeated)

Added by Kalyan Battula 12 months ago. Updated 11 months ago.

Status:
Ready for Prod
Priority:
High
Assignee:
Uday Kumar Dara
Category:
-
Target version:
Security Audit
Start date:
01/05/2024
Due date:
% Done:

0%

Estimated time:
Deployed In:
Category:

Description

Port misconfiguration (Repeated)
CWE : CWE-16
Description :
During the security audit it was observed that the application is configured on different
ports such as http (80) and https (443)
Affected Path(s) :
https://earogya.satragroup.in/ http://earogya.satragroup.in/ *-Applicable to entire
application
Impact :
If the application is using cleartext transmission protocols then there are possibilities of
MITM attacks.
Evidence/Proof Of Concept :
Step 1: Application hosted on both http (80) and https (443) ports.

Step 2: Application hosted on both http (80) and https (443) ports.

Recommendation :
It is recommended to use only secure communication protocols for data transmission.

Files

Download all files
clipboard-202405011323-bcoah.png (462 KB) clipboard-202405011323-bcoah.png Kalyan Battula, 01/05/2024 01:23 PM
clipboard-202405011323-ddq7o.png (83 KB) clipboard-202405011323-ddq7o.png Kalyan Battula, 01/05/2024 01:23 PM
Actions
Copy link
 #1

Updated by Vasudev Mamidi 12 months ago

  • Assignee set to Uday Kumar Dara
Actions
Copy link
 #2

Updated by Harish Beechani 12 months ago

  • Status changed from New to Resolved
Actions
Copy link
 #3

Updated by Sivakanth Kesiraju 12 months ago

  • Target version set to Sprint 1 (29th April - 3rd May)
Actions
Copy link
 #4

Updated by Sivakanth Kesiraju 12 months ago

  • Target version changed from Sprint 1 (29th April - 3rd May) to Security Audit
Actions
Copy link
 #5

Updated by Harish Beechani 11 months ago

  • Status changed from Resolved to Ready for Prod
Actions
Copy link

Also available in: Atom PDF