Description

By using the F015 finding to obtain a token, it is possible to bypass facial recognition processes to enter application transactions, and likewise to accept or deny authorizations from a user.

Impact

- Log in to the allied portal as any user. - Approve or reject a users transactions.

Recommendation

Put in place for every resource with business-critical functionality a strong authentication process and ensure that every user attempting to access it is logged in.

Threat

Anonymous attacker from the Internet with a valid token.

Expected Remediation Time

⏱️ 450 minutes.

Requirements

Fixes