Task #11718

closed
Task #11711: Security Vulnerability Scan 2023-05-18

Task #11718: Fix security issues in itg-inventory-dev.ase.cit.tum.de

Added by Robert Jandow about 2 months ago. Updated about 2 months ago.

Status: Closed
Priority: Minor
Assignee:
Start date: 06.03.2026
Due date:
% Done: 0%
Estimated time:
SecReporter:
Originally created on: 23.05.2023
Originally updated on: 05.06.2023
Original due date:

Description

{code:java}
############################################################
# host: itg-inventory-dev.ase.cit.tum.de, ip: 131.159.89.188, tcp port: 80
+ 4.8 - Cleartext Transmission of Sensitive Information via HTTP
+ 2023-05-15T14:08:22Z - e0bf1837-a869-47d5-8cdc-d143c74e5b68 - 1.3.6.1.4.1.25623.1.0.108440
summary: The host / application transmits sensitive information (username, passwords) in cleartext via HTTP.
problem: The following input fields where identified (URL:input name):
http://itg-inventory-dev.ase.cit.tum.de/setup/user:password
impact: An attacker could use this situation to compromise or eavesdrop on the HTTP communication between the client and the server using a man-in-the-middle attack to get access to sensitive data like usernames or passwords.
solution: Workaround: Enforce the transmission of sensitive data via an encrypted SSL/TLS connection. Additionally make sure the host / application is redirecting all users to the secured SSL/TLS connection before
{code}
