...
Issue | A04:2021 – Insecure Design - Delete EPA/EPA Manager Request Susceptible to CSRF |
Priority | |
EP Number | |
Resolution | We have updated the EPA/EPAM user listing screens to use the new condensed menu that is being rolled out across epaPRO. |
Issue | A06:2021 – Vulnerable and Outdated Components |
Priority | |
EP Number | |
Resolution | PHP was updated to the latest version within the usual release cycle. This update was already scheduled to take place after the test was carried out. |
Issue | A07:2021 – Identification and Authentication Failures - Account Enumeration Possible Via Login Page |
Priority | |
EP Number | |
Resolution | The test noted that there was a difference in styling on the error messages (bold vs. normal text). These instances now return the same, consistently styled error message to the user. |
...
Issue | A02 - Cryptographic Failures – Weak Ciphers Within TLSv1.2 Supported |
Priority | |
EP Number | |
Resolution | TBC |
...