Admin panel exposed

Description

The administrator login page is accessible to any IP address.

Business Impact

An attacker could exploit this finding to run brute-force attacks against user accounts, create a look-alike phishing page, and more.

Recommendation

Define which IP addresses are allowed to access the administrator’s login page.
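
One way to enforce this recommendation in application code, as an added example that is not part of the original finding. The `/admin` path, the allowed ranges, the proxy range and all function names are constructed or hypothetical, and the request path is assumed to be already normalized.

```python
import ipaddress

# Constructed sample values (documentation ranges); replace with your own.
ADMIN_PREFIX = "/admin"  # assumed location of the administrator login page
ALLOWED_NETS = [ipaddress.ip_network(n) for n in ("198.51.100.0/24", "2001:db8:10::/48")]
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]  # our own reverse proxies


def _parse(addr):
    """Parse an address; unwrap IPv4-mapped IPv6 so ::ffff:a.b.c.d matches IPv4 rules."""
    ip = ipaddress.ip_address(addr.strip())
    return getattr(ip, "ipv4_mapped", None) or ip


def _in_any(ip, nets):
    return any(ip.version == n.version and ip in n for n in nets)


def client_ip(remote_addr, xff=None):
    """Return the real client IP. X-Forwarded-For is honoured only when the
    TCP peer is one of our proxies; from anyone else the header is untrusted."""
    peer = _parse(remote_addr)
    if not xff or not _in_any(peer, TRUSTED_PROXIES):
        return peer
    # Walk right to left: the rightmost entries were appended by our proxies,
    # so the first non-proxy hop is the address that actually connected to us.
    for hop in reversed(xff.split(",")):
        ip = _parse(hop)
        if not _in_any(ip, TRUSTED_PROXIES):
            return ip
    return peer


def admin_access_allowed(path, remote_addr, xff=None):
    """True if the request may proceed; non-admin paths are not restricted."""
    if not (path == ADMIN_PREFIX or path.startswith(ADMIN_PREFIX + "/")):
        return True
    try:
        return _in_any(client_ip(remote_addr, xff), ALLOWED_NETS)
    except ValueError:  # malformed address or header entry: fail closed
        return False
```

Enforcing the same allow-list at the reverse proxy or firewall as well keeps disallowed requests from reaching the application at all.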

Reference

https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/05-Enumerate_Infrastructure_and_Application_Admin_Interfaces
