-
Title
Vulnerability Scan: CVA 0148 CWE 592 and CVA 0158 CWE 425 -
Description
Ability To Bypass Business Logic CVA 0148 CWE 592:
Client-side controls are used to determine timeout token at the login screen. By modifying the response I am able to change to timeout from 5 minutes to any amount of time I want Modify the response of from 300 to 30000 https://tpamaddress/common/GetNewEncryptionToken.asp
Bypass Business Application Logic Control via forceful browsing CVA 0158 CWE 425:
The user is able to bypass the business application logic by performing the below: An upload function can be accessed by manipulating a return page. If one navigates to https://tpamaddress/common/UploadFile.aspx, a popup will appear and the upload function will be removed. However, removing some parameters from the return page, one can bypass this to access the upload function
-
Resolution
Ability To Bypass Business Logic CVA 0148 CWE 592:Modifying the response time from 300 will not allow logins past the 300 second timeframe. The token is no longer valid on the backend and will require the page to be refreshed or reloaded in order to attempt an additional login. No change will be made at this time.Bypass Business Application Logic Control via forceful browsing CVA 0158 CWE 425:We are continuing to research an acceptable solution to restrict uploads. Take note that the upload is not available for use and is placed in a temporary restricted directory that cannot be accessed after the upload is finalized when this method is employed. -
Change Request
9402