| Issue | Priority | EP Number | Resolution |
|---|---|---|---|
| A04:2021 – Insecure Design - Delete EPA/EPA Manager Request Susceptible to CSRF | LOW | | We have updated the EPA/EPAM user listing screens to use the new condensed menu that is being rolled out across epaPRO. |
| A07:2021 – Identification and Authentication Failures - Account Enumeration Possible Via Login Page | LOW | | The test noted that there was a difference in styling on the error messages (bold vs. normal text). These instances now return the same, consistently styled error message to the user. |
| Security Misconfiguration - Missing Subresource Integrity For External Scripts | RAISED FOR REFERENCE ONLY | N/A | Declined - we cannot add an SRI check here to validate the content, as Google necessitates implicit trust of their content. |
| A02 - Cryptographic Failures – Weak Ciphers Within TLSv1.2 Supported | LOW | IN PROGRESS | TBC |
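The account enumeration entry above hinges on one detail: a login failure for an unknown user and a login failure for a wrong password must produce the same response, down to the markup. The following is an added illustration, not epaPRO code, of a login handler built that way; the user store, the password hashing scheme and the error markup are all constructed for the example, and the hypothetical `login` function returns a plain dict standing in for an HTTP response.

```python
"""Added example (not epaPRO code): a login handler whose failure response
is identical whether the username is unknown or the password is wrong, so
neither the message text, its styling nor the status code reveals which
accounts exist. All data below is constructed sample data."""
import hashlib
import hmac
import os


def _hash_password(password: str, salt: bytes) -> bytes:
    # PBKDF2-HMAC-SHA256; parameters chosen for the example, not a policy.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed user store: username -> (salt, password hash).
_SALT = os.urandom(16)
USERS = {"alice": (_SALT, _hash_password("correct horse", _SALT))}

# A dummy credential so that unknown usernames still go through a full
# hash computation, keeping the two failure branches' work comparable.
_DUMMY_SALT = os.urandom(16)
_DUMMY_HASH = _hash_password("placeholder", _DUMMY_SALT)

# One status and one markup string for every failure branch, so the
# two failure cases cannot differ even in styling (bold vs. normal).
GENERIC_FAILURE = {
    "status": 401,
    "body": '<p class="error">Invalid username or password.</p>',
}


def login(username: str, password: str) -> dict:
    """Return a response dict; failures are byte-identical across causes."""
    salt, stored = USERS.get(username, (_DUMMY_SALT, _DUMMY_HASH))
    candidate = _hash_password(password, salt)
    # compare_digest always runs; the membership check guards the dummy
    # credential so a guessed "placeholder" password never succeeds.
    ok = hmac.compare_digest(candidate, stored) and username in USERS
    if not ok:
        return dict(GENERIC_FAILURE)
    return {"status": 200, "body": "<p>Welcome.</p>"}


def failures_are_indistinguishable() -> bool:
    """The check a tester performs: compare the two failure responses."""
    return login("alice", "wrong-password") == login("no-such-user", "x")
```

The check a tester applies to this finding is the last function: submit a valid username with a bad password and an unknown username, then compare the two responses byte for byte. Any difference, including a difference only in markup or CSS class, is what makes enumeration possible.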