Configure VAPT on Web Server

Get help with troubleshooting issues
Post Reply
Kendy
Posts: 3
Joined: Mon Oct 02, 2017 3:43 am

Configure VAPT on Web Server

Post by Kendy » Tue Mar 07, 2023 10:27 am

Client had scan on the VAPT on web server and we facing on below issue, can advise on whether newer version fixes this or any step we require to do?

Windows version - Windows Server 2016
TSPLUS version - 14.60.3.1

1. Insufficient Authentication occurs when a web site permits an attacker to access sensitive content or functionality without having to properly authenticate. Web based administration tools are a good example of web sites providing access to sensitive functionality. Depending on the specific online resource, these web applications should not be directly accessible without requiring the user to properly verify their identity.
Refer on Insufficient Authentication.png attachment (https://URL:8080/cgi-bin/hb.exe)

2. External service interaction arises when it is possible to induce an application to interact with an arbitrary external service, such as a web or mail server. The ability to trigger arbitrary external service interactions does not constitute a vulnerability in its own right, and in some cases might even be the intended behavior of the application. However, in many cases, it can indicate a vulnerability with serious consequences.
In cases where DNS-based interactions can be triggered, it is normally possible to trigger interactions using other service types, and these are reported as separate issues. If a payload that specifies a particular service type (e.g. a URL) triggers only a DNS-based interaction, then this strongly indicates that the application attempted to connect using that other service, but was prevented from doing so by egress filters in place at the network layer. The ability to send requests to other systems can allow the vulnerable server to be used as an attack proxy. By submitting suitable payloads, an attacker can cause the application server to attack other systems that it can interact with. This may include public third-party systems, internal systems within the same organization, or services available on the local loopback adapter of the application server itself. Depending on the network architecture, this may expose highly vulnerable internal services that are not otherwise accessible to external attackers.
Refer on Insufficient Authentication.png attachment (https://URL:8080/cgi-bin/hb.exe)

3. The transmission of passwords in a recoverable format makes them subject to password reuse attacks by malicious users. In fact, it should be noted that recoverable encrypted passwords provide no significant benefit over plaintext passwords since they are subject not only to reuse by malicious attackers but also by malicious insiders. If a system administrator can recover a password directly, or use a brute force search on the available information, the administrator can use the password on other accounts. Also, never use GET to send sensitive information such as Credentials.
Refer on Insufficient login password protection.png attachment (https://URL:8080)

Post Reply