Scribd Logo
Fazer o upload

Bem-vindo(a) ao Scribd!

  • Multiple Critical Vulnerabilities Reported at Enemyproperty - Mha.gov - in AKSIT ServicesPvtLtd On 5th December 2018 PDF

    Enviado por

    Nikki sharma
    63 visualizações7 páginas
    The web application penetration testing report for the Custodian of Enemy Property of India website identified several security issues, including: 1) Security misconfigurations like default Tomcat pages being accessible. 2) Server issues such as vulnerabilities in SSL configurations. 3) Use of a known vulnerable version of Tomcat. 4) The default admin password being used to access the Tomcat manager page.

    Descrição original:

    Título original

    Multiple_Critical_Vulnerabilities_Reported_at_enemyproperty.mha.gov.in_AKSIT_ServicesPvtLtd__on_5th_December_2018.pdf

    Direitos autorais

    © © All Rights Reserved

    Formatos disponíveis

    PDF, TXT ou leia online no Scribd

    Você considera este documento útil?

    Este conteúdo é inapropriado?

    Denunciar este documento
    The web application penetration testing report for the Custodian of Enemy Property of India website identified several security issues, including: 1) Security misconfigurations like default Tomcat pages being accessible. 2) Server issues such as vulnerabilities in SSL configurations. 3) Use of a known vulnerable version of Tomcat. 4) The default admin password being used to access the Tomcat manager page.

    Direitos autorais:

    © All Rights Reserved
    Baixe no formato PDF, TXT ou leia online no Scribd
    Sinalizar o conteúdo como inadequado
    63 visualizações7 páginas

    Multiple Critical Vulnerabilities Reported at Enemyproperty - Mha.gov - in AKSIT ServicesPvtLtd On 5th December 2018 PDF

    Enviado por

    Nikki sharma
    The web application penetration testing report for the Custodian of Enemy Property of India website identified several security issues, including: 1) Security misconfigurations like default Tomcat pages being accessible. 2) Server issues such as vulnerabilities in SSL configurations. 3) Use of a known vulnerable version of Tomcat. 4) The default admin password being used to access the Tomcat manager page.

    Direitos autorais:

    © All Rights Reserved
    Baixe no formato PDF, TXT ou leia online no Scribd
    Sinalizar o conteúdo como inadequado
    de 7

    Web-Application Penetration Testing Report

    For

    Custodian of Enemy Property of India

    Website URL: https://enemyproperty.mha.gov.in

    Date: 05th December 2018

    Confidential Report, Not to be circulated or reproduced without appropriate authorization.

    Contact Us : csd.wapt@nic.in
    Application Cyber Security Group
    National Informatics Centre 011-2430-5872
    # A – Block, 011-2430-5142
    CGO Complex, Lodhi Road 011-2430-5934
    New Delhi - 110003
    Contributions:

    Name Role

    1. Mr. Nandhakumar Auditor

    Mr. Kasi ViswanathKethineni


    2. Reviewer
    Mrs. AlkaUpadhyay

    3. Mr. Valsa Raj Uchamballi Coordinator & Point of Contact

    4. Mrs. RatnaboliGhoraiDinda Group Head

    This document is confidential to CSD-NIC. It must not be reproduced or circulated without prior approval from CSD-
    NIC.

    Page |2
    Key Findings

    1. Security Misconfiguration
    2. Server Related Issues
    3. Using Known Vulnerable components
    4. Default Admin Password

    This document is confidential to CSD-NIC. It must not be reproduced or circulated without prior approval from CSD-
    NIC.

    Page |3
    Security Misconfiguration

    Tomcat Default Page Found:

    1. Open the following URL “https://enemyproperty.mha.gov.in/examples/jsp/snp/


    snoop.jsp” and see the tomcat default pages with version as shown in the screenshot below:

    Recommendations

    1. Remove all the unwanted pages from the server.

    This document is confidential to CSD-NIC. It must not be reproduced or circulated without prior approval from CSD-
    NIC.

    Page |4
    Server Related Issues

    1. Upon Scanning, it is observed that the application is vulnerable to various SSL related
    Vulnerabilities as shown in the screenshot below:

    Recommendations

    1. Web servers should be configured to prefer 128-bit ciphers.


    2. Modify TLS's CBC-mode decryption procedure so as to remove the timing side channel.
    3. Add random time delays to CBC-mode decryption processing.

    This document is confidential to CSD-NIC. It must not be reproduced or circulated without prior approval from CSD-
    NIC.

    Page |5
    Using Known Vulnerable Components

    1. Open the following URL “https://enemyproperty.mha.gov.in/manager/


    html/” and observe that the application is using vulnerable version of tomcat as
    shown in the screenshot below:

    Note: Tomcat/6.0.32 is vulnerable to CVE-2016-8735.

    Recommendations

    1. Update the apache Tomcat.

    This document is confidential to CSD-NIC. It must not be reproduced or circulated without prior approval from CSD-
    NIC.

    Page |6
    Default Admin Password

    1. Open the following URL “https://enemyproperty.mha.gov.in/manager/html/”


    and enter username & password as admin. Now see the tomcat web application
    manager as shown in the screenshot below:

    Recommendations

    1. Admin page should not accessible to public. Restrict the admin page access only to
    admin IPs.
    2. Use strong password with alphanumeric characters.
    3. Password should contain minimum of 8 characters.

    This document is confidential to CSD-NIC. It must not be reproduced or circulated without prior approval from CSD-
    NIC.

    Page |7

    Você também pode gostar