Bug #90

closed

Feature #65: Security Audit

[Security Audit] 25 - Logout Functionality Not Implemented

Added by Kalyan Battula about 1 year ago. Updated 7 months ago.

Status: Closed
Priority: Low
Assignee:
Category: -
Target version:
Start date: 17/04/2024
Due date:
% Done: 0%
Estimated time:
Deployed In:
Category:

Description

25 - Logout Functionality Not Implemented
CWE: CWE-1028
Description:
Logout functionality has not been implemented properly post login in the application.
Affected Path(s):
https://earogya.satragroup.in/change-password * - Applicable to entire application
Impact:
This is a flaw that lets an application permit an attacker to reuse old session credentials or session IDs, thus exposing an application to attacks that steal or reuse users' session identifiers.
Recommendation:
It is recommended to implement logout functionality.
Evidence/Proof Of Concept:
Step 1: Logout functionality is not implemented, as shown in the screenshot below.


Files

clipboard-202404171608-qoncp.png (563 KB) Kalyan Battula, 17/04/2024 04:08 PM
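
An added example (not part of the original report or the application's code) of what the recommendation amounts to: logout has to delete the session record on the server, not only clear the cookie, so that a previously issued session ID stops working. The in-memory `SessionStore`, the `SESSIONID` cookie name and the 900-second idle timeout are assumptions made for illustration.

```python
import hashlib
import secrets
import time

SESSION_TTL = 900  # assumed idle timeout in seconds; not a value from the report


class SessionStore:
    """In-memory server-side session table, keyed by a hash of the session ID."""

    def __init__(self):
        self._sessions = {}

    @staticmethod
    def _key(session_id):
        # Store only a digest so a dump of the table does not expose live IDs.
        return hashlib.sha256(session_id.encode()).hexdigest()

    def login(self, user, now=None):
        now = time.time() if now is None else now
        session_id = secrets.token_urlsafe(32)  # fresh, unpredictable ID per login
        self._sessions[self._key(session_id)] = {"user": user, "last_seen": now}
        return session_id

    def authenticate(self, session_id, now=None):
        """Return the user for a live session, or None if unknown or expired."""
        now = time.time() if now is None else now
        key = self._key(session_id or "")
        record = self._sessions.get(key)
        if record is None or now - record["last_seen"] > SESSION_TTL:
            self._sessions.pop(key, None)  # unknown or idle too long: drop it
            return None
        record["last_seen"] = now
        return record["user"]

    def logout(self, session_id):
        """Invalidate the session server-side; return the cookie header to send."""
        self._sessions.pop(self._key(session_id or ""), None)
        # Also expire the browser's copy. SESSIONID is a placeholder cookie name.
        return "Set-Cookie: SESSIONID=; Max-Age=0; Path=/; HttpOnly; Secure"


def replay_after_logout():
    """Constructed scenario: a session ID is presented again after logout."""
    store = SessionStore()
    sid = store.login("alice", now=1000.0)
    before = store.authenticate(sid, now=1010.0)  # accepted while logged in
    store.logout(sid)
    after = store.authenticate(sid, now=1020.0)   # must be rejected now
    return before, after
```

A retest of this finding would check the same thing against the real application: a request carrying the old session cookie after logout should be treated as unauthenticated.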