all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Thoughts about reporting SPA as Broken access control

Add to bookmarks
Sept. 5, 2023, 3:45 p.m. | /u/EpicBot

cybersecurity www.reddit.com

I read the rules. Please let me know if there is a better place to have this discussion.



I recently received a pen testing report for an SPA (Single Page Application) with only one major vulnerability reported, with a CVSS of 8.1.



The reported issue is classified as "Broken access control".



In this deficiency, they report that by patching the client-side authentication logic in the SPA or using a proxy and modifying the authentication response from the server.



They then …

access access control application broken access control classified control cvss cybersecurity issue major page pen pen testing report reporting rules single single page application spa testing thoughts vulnerability

Visit resource

More from www.reddit.com / cybersecurity

Copilot‘s screen-snapping Recall data stored in plain text 9 hours ago | www.reddit.com
copilot cybersecurity data plain text +3
Cops Swarm Global Cybercrime Botnet Infrastructure in 2 Massive Ops 11 hours ago | www.reddit.com
botnet cops cybercrime cybersecurity +4
What are the most common IAM and PAM solutions in cybersecurity? 12 hours ago | www.reddit.com
cybersecurity cybersecurity professional goal iam +5
How does hiring in APT groups work? 12 hours ago | www.reddit.com
apt apt groups can cybersecurity +5
State of WiFi Security in 2024 13 hours ago | www.reddit.com
article cybersecurity exploiting feedback +9
Prioritize Blue Team for Cybersecurity Success 15 hours ago | www.reddit.com
blue blue team box can +16
Reported a Critical Vulnerability, Retested, and Now I Guess I'm Just Shouting Into the Void? 18 hours ago | www.reddit.com
bypass critical critical vulnerability cvss +6
NIST unveils ARIA program to evaluate and verify AI capabilities & impacts. 19 hours ago | www.reddit.com
ai capabilities aria aria program capabilities +4
Malware Analysis of Latrodectus - Part 1 19 hours ago | www.reddit.com
analysis cybersecurity latrodectus malware +1

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

CyberSOC Technical Lead

@ Integrity360 | Sandyford, Dublin, Ireland
View on infosec-jobs.com

Cyber Security Strategy Consultant

@ Capco | New York City
View on infosec-jobs.com

Cyber Security Senior Consultant

@ Capco | Chicago, IL
View on infosec-jobs.com

Sr. Product Manager

@ MixMode | Remote, US
View on infosec-jobs.com

Corporate Intern - Information Security (Year Round)

@ Associated Bank | US WI Remote
View on infosec-jobs.com

Senior Offensive Security Engineer

@ CoStar Group | US-DC Washington, DC
View on infosec-jobs.com