Task #34192
Обновлено Hryhorii Sirenok больше 3 лет назад
We need to fix a The system has several security gap described below
create a link flaws. The passwords in the job description "javascript:alert(JSON.stringify(document.cookie));" - could database are hashed using the md5 algorithm which is considered to be also an Ajax request insecure for such use. The MD5 algorithm was initially designed to be used as a 3rd party
If a cryptographic hash function, it has been found to suffer from extensive vulnerabilities. The session cookie which is used to identify the currently logged-in user clicks on is misconfigured in an insecure manner (secure flag is not set, “httponly” flag is not set, and “samesite” flag is not set). This misconfiguration opens up the link, the 3rd possibility of a third party could hijack the taking possession of someone’s session token
it should be easily fixable by setting "samesite" cookie, and "httponly" in performing actions on their behalf.
We need to change the response header current MD% algorithm to SHA1 & SHA256. The password has to consist of 8 symbols, at list 1 of them is Capital and one is a num.
create a link flaws. The passwords in the job description "javascript:alert(JSON.stringify(document.cookie));" - could database are hashed using the md5 algorithm which is considered to be also an Ajax request insecure for such use. The MD5 algorithm was initially designed to be used as a 3rd party
If a cryptographic hash function, it has been found to suffer from extensive vulnerabilities. The session cookie which is used to identify the currently logged-in user clicks on is misconfigured in an insecure manner (secure flag is not set, “httponly” flag is not set, and “samesite” flag is not set). This misconfiguration opens up the link, the 3rd possibility of a third party could hijack the taking possession of someone’s session token
it should be easily fixable by setting "samesite" cookie, and "httponly" in performing actions on their behalf.
We need to change the response header current MD% algorithm to SHA1 & SHA256. The password has to consist of 8 symbols, at list 1 of them is Capital and one is a num.