Feature #286: [Security Audit Round 2 ] Port misconfiguration (Repeated) - E-Arogya - Redmine

Actions

Copy link

Feature #286

open

Feature #235: [Security Audit Round 2 ]

[Security Audit Round 2 ] Port misconfiguration (Repeated)

Added by Kalyan Battula 12 months ago. Updated 11 months ago.

Status:

Ready for Prod

Priority:

High

Assignee:

Uday Kumar Dara

Category:

Target version:

Security Audit

Start date:

01/05/2024

Due date:

% Done:

Estimated time:

Deployed In:

Category:

Description

Port misconfiguration (Repeated)
CWE : CWE-16
Description :
During the security audit it was observed that the application is configured on different
ports such as http (80) and https (443)
Affected Path(s) :
https://earogya.satragroup.in/ http://earogya.satragroup.in/ *-Applicable to entire
application
Impact :
If the application is using cleartext transmission protocols then there are possibilities of
MITM attacks.
Evidence/Proof Of Concept :
Step 1: Application hosted on both http (80) and https (443) ports.

Step 2: Application hosted on both http (80) and https (443) ports.

Recommendation :
It is recommended to use only secure communication protocols for data transmission.

Files

Download all files

clipboard-202405011323-bcoah.png (462 KB) clipboard-202405011323-bcoah.png		Kalyan Battula, 01/05/2024 01:23 PM
clipboard-202405011323-ddq7o.png (83 KB) clipboard-202405011323-ddq7o.png		Kalyan Battula, 01/05/2024 01:23 PM

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

E-Arogya

Custom queries

Feature #286

[Security Audit Round 2 ] Port misconfiguration (Repeated)

Updated by Vasudev Mamidi 12 months ago

Updated by Harish Beechani 12 months ago

Updated by Sivakanth Kesiraju 12 months ago

Updated by Sivakanth Kesiraju 12 months ago

Updated by Harish Beechani 11 months ago