Bug #90

closed

Feature #65: Security Audit

[Security Audit] 25 - Logout Functionality Not Implemented

Added by Kalyan Battula about 1 year ago. Updated 7 months ago.

Status: Closed
Priority: Low
Assignee:
Category: -
Target version:
Start date: 17/04/2024
Due date:
% Done: 0%
Estimated time:
Deployed In:
Category:

Description

25 - Logout Functionality Not Implemented
CWE: CWE-1028
Description:
Logout functionality has not been implemented properly post login in the application.
Affected Path(s):
https://earogya.satragroup.in/change-password * - Applicable to entire application
Impact:
This flaw lets an application permit an attacker to reuse old session credentials or session IDs, thus exposing an application to attacks that steal or reuse users' session identifiers.
Recommendation:
It is recommended to implement logout functionality.
Evidence/Proof Of Concept:
Step 1: Logout functionality is not implemented, as shown in the screenshot below.


Files

clipboard-202404171608-qoncp.png (563 KB), Kalyan Battula, 17/04/2024 04:08 PM
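
The following added example, which is not from the ticket or the audited application, contrasts a logout that only clears the browser cookie with one that also destroys the server-side session, and checks what a previously issued session ID still unlocks afterwards. The in-memory `SessionStore`, the cookie name `session`, the user `alice` and the 15-minute timeout are assumptions; the ticket does not describe the application's stack.

```python
import secrets
import time

SESSION_TTL = 15 * 60  # assumed idle timeout in seconds (not from the ticket)


def expired_cookie(name="session"):
    # Max-Age=0 makes the browser discard the cookie immediately.
    return f"{name}=; Max-Age=0; Path=/; HttpOnly; Secure; SameSite=Lax"


class SessionStore:
    """Hypothetical in-memory session table: session id -> (user, expiry)."""

    def __init__(self, now=time.time):
        self._sessions = {}
        self._now = now

    def login(self, user):
        sid = secrets.token_urlsafe(32)  # unguessable 256-bit identifier
        self._sessions[sid] = (user, self._now() + SESSION_TTL)
        return sid

    def authenticate(self, sid):
        """Return the user for a live session id, or None."""
        record = self._sessions.get(sid)
        if record is None:
            return None
        user, expires = record
        if self._now() >= expires:
            self._sessions.pop(sid, None)  # expired: drop the record
            return None
        return user

    def logout_client_only(self, sid):
        """Weak form: only tells the browser to drop the cookie."""
        return expired_cookie()

    def logout(self, sid):
        """Hardened form: destroy the server-side record, then clear the cookie."""
        self._sessions.pop(sid, None)
        return expired_cookie()


def session_after_logout(logout_method_name):
    """Log in, log out with the named method, then present the old id again."""
    store = SessionStore()
    sid = store.login("alice")  # constructed sample user
    getattr(store, logout_method_name)(sid)
    return store.authenticate(sid)  # None means the old id is dead
```

A regression test for this finding should assert the second behaviour: after logout, a request carrying the old session ID must be treated as unauthenticated.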

#1

Updated by Karthik Daram about 1 year ago

  • Status changed from New to In Progress
  • Assignee set to Raju Kuthadi

#2

Updated by Karthik Daram 12 months ago

  • Status changed from In Progress to Resolved

#3

Updated by Sivakanth Kesiraju 12 months ago

  • Target version set to Sprint 1 (29th April - 3rd May)

#4

Updated by Sivakanth Kesiraju 12 months ago

  • Target version changed from Sprint 1 (29th April - 3rd May) to Security Audit

#5

Updated by Gautam Kumar 7 months ago

  • Status changed from Resolved to Closed