Description

Some functions of the application can be accessed without logging in to the server. Some of these functions only allow values to be viewed, while others allow some values to be edited.

Impact

- List confidential information in the application.
- Edit information in the application.

Recommendation

Require authentication for access to the resources that are currently reachable without it.
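
One way to apply this recommendation, as an added example that is not part of the original finding: a request dispatcher that demands a valid session for every view and edit route unless the route is explicitly allowlisted as public. The route names, bearer-token scheme and in-memory stores are assumptions made for illustration.

```python
import hmac
import secrets

# Constructed sample data: one valid session token and a small settings store.
SESSIONS = {secrets.token_hex(16): "alice"}
SETTINGS = {"smtp_host": "mail.internal.example"}

# Explicit allowlist; every other route requires a session (deny by default).
PUBLIC_ROUTES = {("GET", "/health")}


def authenticate(headers):
    """Return the user for a valid bearer token, else None."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme != "Bearer" or not token:
        return None
    for known, user in SESSIONS.items():
        # Constant-time comparison avoids leaking token prefixes via timing.
        if hmac.compare_digest(known.encode(), token.encode()):
            return user
    return None


def health(user, body):
    return 200, {"status": "ok"}


def view_settings(user, body):
    return 200, dict(SETTINGS)


def edit_settings(user, body):
    SETTINGS.update(body)
    return 200, {"updated_by": user}


ROUTES = {
    ("GET", "/health"): health,
    ("GET", "/settings"): view_settings,    # read-only function
    ("POST", "/settings"): edit_settings,   # state-changing function
}


def dispatch(method, path, headers, body=None):
    """Check authentication once, centrally, before any handler runs."""
    user = authenticate(headers)
    if (method, path) not in PUBLIC_ROUTES and user is None:
        # Unknown routes also get 401, so anonymous callers cannot map the API.
        return 401, {"error": "authentication required"}
    handler = ROUTES.get((method, path))
    if handler is None:
        return 404, {"error": "not found"}
    return handler(user, body or {})
```

Because the check lives in the dispatcher rather than in each handler, a newly added route is protected unless someone deliberately adds it to the public allowlist.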

Threat

Unauthorized user from the internal network.

Expected Remediation Time

⏱️ 60 minutes.