Project

General

Profile

Actions
Copy link

Bug #95

closed

Feature #65: Security Audit

[Security Audit ] 30- Port misconfiguration

Added by Kalyan Battula about 1 year ago. Updated 7 months ago.

Status:
Closed
Priority:
Low
Assignee:
Uday Kumar Dara
Category:
-
Target version:
Security Audit
Start date:
17/04/2024
Due date:
% Done:

0%

Estimated time:
Deployed In:
Category:

Description

30 -Port misconfiguration
CWE : CWE-16
Description :
During the security audit it was observed that the application is configured on different
ports such as http (80) and https (443)
Affected Path(s) :
https://earogya.satragroup.in/ http://earogya.satragroup.in/ *-Applicable to entire
application
Impact :
If the application is using cleartext transmission protocols then there are possibilities of
MITM attacks.
Recommendation :
It is recommended to use only secure communication protocols for data transmission.
Evidence/Proof Of Concept :
Step 1: Application hosted on both http (80) and https (443) ports.

Step 2: Application hosted on both http (80) and https (443) ports.

Files

Download all files
clipboard-202404171614-zny62.png (520 KB) clipboard-202404171614-zny62.png Kalyan Battula, 17/04/2024 04:14 PM
clipboard-202404171614-wcf2v.png (114 KB) clipboard-202404171614-wcf2v.png Kalyan Battula, 17/04/2024 04:14 PM
Actions
Copy link

Also available in: Atom PDF