Admin panel exposed

Description

During the scan, Cytrix found that the administrator’s login page is viewable and accessible from any IP address.

An attacker could exploit this finding to perform brute-force attacks against users, or to create a look-alike phishing page to scam users, and more.

Recommendation

Define which IP addresses are allowed to access the administrator’s login page, and restrict access to those addresses.
Remember, only authorized personnel should have access to this page; block access for everyone else.
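
One way to enforce this restriction at the application layer, shown as an added example that is not part of the Cytrix advisory: a WSGI middleware that returns 403 for the admin path unless the client address is on an allowlist, and that honours `X-Forwarded-For` only when the request arrives from a known reverse proxy. The `/admin` prefix, the address ranges and the proxy address are constructed placeholders, and the function names are hypothetical.

```python
import ipaddress
import posixpath

# Constructed sample values (documentation address ranges), not from the advisory.
ADMIN_PREFIX = "/admin"
ALLOWED_NETS = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "10.8.0.0/16")]
TRUSTED_PROXIES = [ipaddress.ip_network("192.0.2.10/32")]


def _in(addr, nets):
    return any(addr in net for net in nets)


def client_ip(environ):
    """Return the client address, trusting X-Forwarded-For only from our own proxy."""
    peer = ipaddress.ip_address(environ["REMOTE_ADDR"])
    if not _in(peer, TRUSTED_PROXIES):
        return peer  # direct connection: the header is client-controlled, ignore it
    # Walk right to left; the first hop that is not one of our proxies is the client.
    hops = [h.strip() for h in environ.get("HTTP_X_FORWARDED_FOR", "").split(",") if h.strip()]
    for hop in reversed(hops):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            return None  # malformed header: fail closed
        if not _in(addr, TRUSTED_PROXIES):
            return addr
    return peer


def is_admin_path(path):
    # Collapse "//", "." and ".." and ignore case so path variants cannot skip the check.
    norm = posixpath.normpath("/" + path.lstrip("/")).lower()
    return norm == ADMIN_PREFIX or norm.startswith(ADMIN_PREFIX + "/")


def is_allowed(environ):
    if not is_admin_path(environ.get("PATH_INFO", "/")):
        return True
    addr = client_ip(environ)
    return addr is not None and _in(addr, ALLOWED_NETS)


def admin_allowlist(app):
    def middleware(environ, start_response):
        if is_allowed(environ):
            return app(environ, start_response)
        start_response("403 Forbidden", [("Content-Type", "text/plain")])
        return [b"Forbidden\n"]
    return middleware
```

The same rule is normally also applied at the reverse proxy or firewall, so that the application check is a second layer rather than the only one.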

References

https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/05-Enumerate_Infrastructure_and_Application_Admin_Interfaces
