Handle Improper Session Management in FLW App


    • Type: Task
    • Resolution: Unresolved
    • Priority: Medium
    • 3.5.0
    • Affects Version/s: None
    • None
    • AMRIT Sprint 39, AMRIT Sprint 38, AMRIT Sprint 42, AMRIT Sprint 43
    • Platform: All

Vulnerability Name: Improper Session Management

1. Vulnerable Point:
   https://amritdemo.piramalswasthya.org/identity-0.0.1/rmnch/syncDataToAmrit
2. Observation / Description: Improper session handling occurs when a user is able to access content at the client side that he/she is not intended to access.
3. Impact: If an unauthorized user obtains the URL of sensitive content by any means, he/she can then access that content without a legitimate session in the application.
4. Recommendation: To handle sessions properly, ensure that the web app code creates, maintains, and destroys session tokens correctly over the life-cycle of a user's web app session.
5. Recommended Solution: Along with the 'Authorization Token', a 'Refresh Token' is required.
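As an added illustration of recommendations 4 and 5 (example code, not part of this ticket or of the AMRIT/FLW code base): a minimal server-side session manager that issues a short-lived authorization token plus a single-use refresh token, validates every request on the server rather than trusting the client, rotates the refresh token, revokes the whole login when a spent refresh token is replayed, and destroys the session on logout. The class and method names, the token lifetimes, the in-memory store and the injectable clock are all assumptions made for the example; an endpoint such as syncDataToAmrit would call `authenticate()` before serving anything.

```python
import hashlib, secrets, time
ACCESS_TTL = 15 * 60          # short-lived bearer token (seconds), assumed value
REFRESH_TTL = 7 * 24 * 3600   # single-use refresh token (seconds), assumed value

def _fp(token):
    return hashlib.sha256(token.encode()).hexdigest()  # store hashes, never raw tokens

class SessionManager:
    def __init__(self, now=time.time):
        self._now = now        # injectable clock so expiry can be exercised offline
        self._access = {}      # access fp -> (user, family, expires)
        self._refresh = {}     # refresh fp -> [user, family, expires, access fp, spent]
        self._revoked = set()  # families killed by logout or refresh-token reuse

    def _mint(self, user, family):
        access, refresh = secrets.token_urlsafe(32), secrets.token_urlsafe(32)
        t = self._now()
        self._access[_fp(access)] = (user, family, t + ACCESS_TTL)
        self._refresh[_fp(refresh)] = [user, family, t + REFRESH_TTL, _fp(access), False]
        return access, refresh

    def login(self, user):
        return self._mint(user, secrets.token_hex(8))  # create: one family per login

    def authenticate(self, access_token):
        # Maintain: the server, not the client, decides on every request.
        rec = self._access.get(_fp(access_token))
        if rec is None or rec[1] in self._revoked or self._now() >= rec[2]:
            return None
        return rec[0]

    def refresh(self, refresh_token):
        rec = self._refresh.get(_fp(refresh_token))
        if rec is None:
            return None
        user, family, expires, access_fp, spent = rec
        if spent:                  # replay of a single-use token: revoke the family
            self._revoked.add(family)
            return None
        rec[4] = True
        self._access.pop(access_fp, None)  # old access token dies with its refresh
        if family in self._revoked or self._now() >= expires:
            return None
        return self._mint(user, family)

    def logout(self, refresh_token):  # destroy: nothing from this login works afterwards
        rec = self._refresh.get(_fp(refresh_token))
        if rec is not None:
            self._revoked.add(rec[1])
```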

Assignee: Nikhil Ananda Fegade
Reporter: Madhava Ramu N