First Issue:
Finding Description:
During our assessment it was identified that the web application contains HTML form fields with an input of type 'password' where 'autocomplete' is not set to 'off'. While this does not represent a risk to this web server per se, it does mean that users who use the affected forms may have their credentials saved in their browsers, which could in turn lead to a loss of confidentiality if any of them use a shared host or their machine is compromised at some point. The issue was identified under the following URLs:
Affected URLs
https://diwanspace.dubai.gov.ae/login.action
Ease of Identification:
The vulnerability was identified with the use of a common web browser.
Ease of Exploitation:
The vulnerability is not directly exploitable per se, but rather in correlation with other factors
(e.g. by gaining access to the end-user workstation).
Potential Impact: Low
Dumping all data from a browser can be fairly easy, as attackers can use a number of
readily available automated tools.
Exposure Level: Very Low
The exposure level is considered very low.
Corrective Actions: Add the attribute 'autocomplete=off' to password fields to prevent browsers from caching credentials.
Second Issue:
Description:
During our assessment, we identified the following outdated JavaScript libraries being in use, which are susceptible to a number of vulnerabilities. Specifically, the libraries identified are the following:
Affected URL – Version
https://diwanspace.dubai.gov.ae/s/003dea82ef0248a15e17abe22ce40977CDN/fr_FR/7901/9eed016aaa593220cd98620fec88bcbd9fd55893/18384c6dc0a22ebf7c4bdc9ce515987d/_/download/contextbatch/js/_super/batch.js?locale=fr-FR – jQuery 1.7.2
Note: The aforementioned JavaScript libraries are outdated and hence considered vulnerable; however, it is uncertain whether the exposed/used functionalities of the libraries are actually being used. As a result, the actual vulnerabilities cannot be verified.
Ease of Identification:
The identification is fairly easy, by monitoring and identifying the vulnerable versions of the libraries. The ease of identification is considered very high.
Ease of Exploitation:
The exploitation of the vulnerabilities depends on specific functionality within the libraries
being used in the site/application code.
Potential Impact:
An attacker could potentially exploit various vulnerabilities in the affected libraries, such as Cross-Site Scripting. These vulnerabilities do not target the server but rather its users. The impacts of such an attack can range from the disclosure of the user’s sensitive information to execution of arbitrary code on the target user’s system.
Exposure Level:
The exposure level is considered very low.
Corrective Actions: Consider updating the affected libraries to the latest version.
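A small audit script for the two findings above, added here as an example and not part of the original post or of Confluence: it parses a constructed login page for password inputs that lack autocomplete="off" and reads the jQuery version banner out of a constructed script excerpt; the sample HTML, the sample JS and the minimum acceptable jQuery version are all assumptions chosen for the example.

```python
from html.parser import HTMLParser
import re

# Constructed sample page modelled on the first finding (not fetched from the real site).
SAMPLE_HTML = """
<form action="/login.action" method="post">
  <input type="text" name="os_username">
  <input type="password" name="os_password">
  <input type="password" name="confirm" autocomplete="off">
</form>
<script src="/download/contextbatch/js/_super/batch.js?locale=fr-FR"></script>
"""

# Constructed excerpt of a batched script header; jQuery builds start with a similar banner.
SAMPLE_JS = "/*! jQuery v1.7.2 jquery.com | jquery.org/license */ (function(a,b){ ... })"


class PasswordFieldAuditor(HTMLParser):
    """Collect the names of password inputs whose autocomplete attribute is not 'off'."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "input":
            return
        # Attribute values may be None for bare attributes; normalise to lower-case strings.
        a = {k.lower(): (v or "").lower() for k, v in attrs}
        if a.get("type") == "password" and a.get("autocomplete") != "off":
            self.findings.append(a.get("name", "<unnamed>"))


def audit_password_fields(html):
    """Return the password fields the report would flag (remediation check, not browser behaviour:
    many current browsers ignore autocomplete=off on password fields anyway)."""
    parser = PasswordFieldAuditor()
    parser.feed(html)
    return parser.findings


JQUERY_BANNER = re.compile(r"jQuery\s+v?(\d+)\.(\d+)\.(\d+)")


def jquery_version(js):
    """Extract (major, minor, patch) from the jQuery banner, or None if no banner is present."""
    m = JQUERY_BANNER.search(js)
    return tuple(int(x) for x in m.groups()) if m else None


def jquery_outdated(js, minimum=(3, 5, 0)):
    """True when a jQuery banner is found and its version is below the assumed minimum."""
    v = jquery_version(js)
    return v is not None and v < minimum
```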
You would need to pull apart Confluence and rebuild it with a set of unsupported code changes to implement this.
Two big impacts here are