Bug #70

closed

Feature #65: Security Audit

[Security Audit] 5 - Failed Defences Against Application Misuse

Added by Kalyan Battula about 1 year ago. Updated 7 months ago.

Status: Closed
Priority: High
Category: -
Target version:
Start date: 17/04/2024
Due date:
% Done: 0%
Estimated time:
Deployed In:

Description

5 - Failed Defences Against Application Misuse
CWE: CWE-841
Description:
Misuse and invalid use of valid functionality can reveal attacks that attempt to enumerate the web application, identify weaknesses and exploit vulnerabilities. Tests should be undertaken to determine whether application-layer defensive mechanisms are in place to protect the application.
Affected Path(s):
https://earogya.satragroup.in/change-password * Applicable to the entire application
Impact:
The lack of active defences allows an attacker to hunt for vulnerabilities without any recourse. The application's owner will therefore not know that their application is under attack.
Recommendation:
Build active defences against application misuse. It is also recommended to implement strong server-side controls so that the same request cannot be submitted multiple times.
Evidence/Proof Of Concept:
Step 1: Log in to the application, submit a change-password request, then submit the same request again multiple times. It was observed that the server accepts it.
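The following is an added example, not code from the audited application, showing one way to implement the recommended server-side control for the change-password flow: each rendered form carries a single-use token that is consumed on submission, so resubmitting the same request is rejected, and repeated rejections per session are counted as a misuse signal for logging or lockout. The in-memory store, the session identifiers and the threshold values are constructed for illustration.

```python
import secrets
import time
from collections import defaultdict

TOKEN_TTL_SECONDS = 600   # constructed value: how long an issued form token stays valid
MISUSE_THRESHOLD = 3      # constructed value: rejected submissions before a session is flagged

# In-memory stores (a real deployment would use the server-side session or a cache with expiry).
_tokens = {}                      # session_id -> (token, issued_at)
_rejections = defaultdict(int)    # session_id -> count of rejected change-password submissions
flagged_sessions = set()          # sessions that crossed the misuse threshold


def issue_form_token(session_id, now=None):
    """Issue a fresh single-use token when the change-password form is rendered."""
    token = secrets.token_urlsafe(32)
    _tokens[session_id] = (token, time.time() if now is None else now)
    return token


def change_password(session_id, submitted_token, now=None):
    """Consume the session's token; returns "accepted" or "rejected".

    The token is removed on every submission, so a replay of an already
    accepted request (or a submission with a stale or guessed token) fails.
    """
    now = time.time() if now is None else now
    entry = _tokens.pop(session_id, None)  # one submission per rendered form, match or not
    valid = (
        entry is not None
        and secrets.compare_digest(entry[0].encode(), submitted_token.encode())
        and now - entry[1] <= TOKEN_TTL_SECONDS
    )
    if not valid:
        _rejections[session_id] += 1
        if _rejections[session_id] >= MISUSE_THRESHOLD:
            flagged_sessions.add(session_id)  # active defence: alert, step-up auth or lock out
        return "rejected"
    # Actual password update would happen here.
    return "accepted"


def is_flagged(session_id):
    """True once a session has produced MISUSE_THRESHOLD or more rejected submissions."""
    return session_id in flagged_sessions
```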


Files

clipboard-202404171537-0avjq.png (55.4 KB) Kalyan Battula, 17/04/2024 03:37 PM