Description

It is possible to perform actions that allow circumventing the identification of the customer by means of his fingerprint.

Impact

- Log in to the allied portal as any user. - Approve or reject a users transactions.

Recommendation

Put in place for every resource with business-critical functionality a strong authentication process and ensure that every user attempting to access it is logged in.

Threat

Anonymous attacker with access to the victim's device.

Expected Remediation Time

⏱️ 450 minutes.

Requirements

Fixes