Security Test Report

High

Medium

Low

Information

Total

Fixed

Medium

Low

Description

An attacker can steal a JWT cookie from the browser and try to extract any personal information that is available there. 1. Install cookie manager plugin in any browser 2. Login into the application and click cookie manager 3. Select JWT for current page 4. Copy the JWT and go to jwt.io website to decode the token 5. Check if any sensitive information is disclosed in the token's payload as this is mostly base64 encoded

Risk Assessment

For authentication and authorization in MOSIP we use JWT tokens. If any PII data is shared in the token, it would be considered a data breach.

Fix Recommendation

No PII data should be shared in the token.

Fixed

Medium

Low

Description

Attacker can steal JWT cookie from the browser and crack the JWT secret key 1. Get the JWT token using the cookie manager plugin 2. Run an automated tool to crack the JWT token and check if you can break the security key if the security key is weak

Risk Assessment

For authentication and authorization in MOSIP we use JWT tokens. If the token is broken, the secret key can be revealed as well as other important data can be exploited.

Fix Recommendation

A very strong and random secret key should be used and it should be changed at regular intervals.

Fixed

Low

Low

Risk Assessment

If a session doesn't get invalidated after calling the logout API, then the risk of any attacker taking over the session becomes high.

Fix Recommendation

The session must be invalidated as soon as the user calls the logout API. After the token gets invalidated, all the access for the token should be removed.

Fixed

Medium

Medium

Risk Assessment

If an attacker bypasses authentication, then a lot of other vulnerabilities can be exploited by the attacker.

Fix Recommendation

In our modules, we don’t use username and password externally, hence this is inapplicable.

Known issue, not a vulnerability

Medium

Medium

Risk Assessment

It allows the PII data of an individual to be leaked. It can also lead to generation of faulty data and incomplete profiles.

Fix Recommendation

Most of the data should be sent in an encrypted manner.

Known issue, not a vulnerability

Medium

Low

Risk Assessment

A denial of service (DoS) attack can take place if an attacker uses a tool to send thousands of requests each minute, which may cause server to crash or be inefficient.

Fix Recommendation

There should be a limit on number of times an user can send a request, and there must be blacklisting method for disabling users who are sending too many requests.

Known issue, not a vulnerability

Low

Low

Risk Assessment

With a sophisticated tool an attacker can try to brute force through the initial login page. If he is successful, He will be able to further attack all the available options that an admin has.

Fix Recommendation

The passwords have to be strong and authentication should not allow numerous attempts.

Fixed

Medium

Medium

Risk Assessment

If an attacker gets through admin login, he will be able to use malicious scripts through the UI and can take over the server.

Fix Recommendation

All inputs by user’s should be considered as potentially dangerous and must pass through sanity. It should always be treated as text and not scripts. In mosip we use anti-xss configuration as well.

Fixed

Medium

Medium

Risk Assessment

Malicious file upload can be a considered one of the high risk attacks. An attacker can create a malicious file with script sin the file name or scripts hidden inside the meta data of the file and the server may execute it.

Fix Recommendation

In admin portal there are two types of uploads ".CSV" and ".csr". Both of these inputs are sanitized and are validated before being used by the code.

Fixed

Medium

Medium

Risk Assessment

If Null byte injected payloads get through and get executed, there is a good chance malicious files can be uploaded, may even lead to RCE.

Fix Recommendation

Sanitation of every input is done thoroughly, all the filenames and extensions are whitelisted and checked before being used.

Fixed

Low

Medium

Risk Assessment

If buffer overload attacks are tried and are successful it can lead to server crashing and can cause issues with the day to day operation of the project.

Fix Recommendation

In MOSIP,the size limit is set to 4 Megabytes, which is configurable and hence buffer overload threat is mitigated.

Known Issue

Low

Medium

Risk Assessment

Banner grabbing is not a direct vulnerability however it may lead attackers to try newly exposed vulnerability of software or framework that has not been patched yet.

Fix Recommendation

In MOSIP, configurations have been changed and updated so that these values are not accessible to external users. The patches are also updated regularly.

Known Issue

Medium

Medium

Risk Assessment

If path traversal is allowed the attacker will try to find any important files through adding ../../ to the url in the request.

Fix Recommendation

In MOSIP, path traversal is not allowed and all files are secured robustly. We use server configurations to sanitize the URLs.

Fixed

Medium

Medium

Risk Assessment

A CSRF or a Cross Site Request Forgery is a very dangerous vulnerability. In a CSRF attack an attacker can send a malicious link to an authentic user and if the website is susceptible to CSRF attack then it will allow the attacker to steal the token of the user and access to the server.

Fix Recommendation

CSRF is blocked in MOSIP, using anti-CSRF configurations.

Fixed

Medium

Medium

Risk Assessment

CORS or Cross Origin Resource Sharing is equally dangerous. It allows external users to have access to resources that only intended user should have access to.

Fix Recommendation

CORS is also blocked in mosip using anti-CORS configurations.

Known Issue, not a vulnerability.

Low

Medium

Risk Assessment

In a Header manipulation attack an attacker changes the headers of the requests to see if it shows any values or errors in response. Without right validation these Headers can cause unwanted changes in DB and Server.

Fix Recommendation

In MOSIP, each request is whitelisted with only the one header it is required to have and manipulating header values will

Known Issue, not a vulnerability.

Low

Medium

Risk Assessment

The certificates are key to establishing the trust chain among various modules in MOSIP. If an incorrect certificate gets through and replaces a valid one, it may cause the module to stop working all together.

Fix Recommendation

In MOSIP, we require a specific format to upload certificates and before accepting any certificate we match the public key modulus of the certificates.

Fixed

Medium

Medium

Risk Assessment

Request smuggling although uncommon is still a very dangerous vulnerability. In request smuggling we send multiple packets of data in quick succession to try and deceive the server and use the incorrect packet of data.

Fix Recommendation

In MOSIP,we do not allow any external header and all the input are sanitized before being used by the server.

Fixed

Medium

Medium

Risk Assessment

XXE injections are used by attackers to input payloads into the logic of an XML application.

Fix Recommendation

The inputs are robustly sanitized before use and also special characters are not allowed in every field,to minimize risk.

Known issue, not a vulerability

Low

Medium

Risk Assessment

If an attacker is able to successfully spoof or change the data of a person, then he/she would be able to make unwanted changes in the database.

Fix Recommendation

In MOSIP, each piece of data goes through multiple layers if encryption/decryption and signature validation. Hence, any spoofed or changed data will be invalid.

Fixed

Medium

Medium

Risk Assessment

The double host header or multiple header attack allows the attacker to send malicious data or website links in the headers of the request.

Fix Recommendation

In MOSIP, each header value is sanitized and validated before use.

Fixed

Medium

Medium

Risk Assessment

This is an example of horizontal privilege escalation. An attacker with a regular user access tries to get the data of another user.

Fix Recommendation

In MOSIP, horizontal privilege escalation is not possible, each request is accompanied with an unique cookie which an attacker does not have.

Known issue, not a vulnerability.

Medium

Medium

Risk Assessment

In privilege escalation attacks an attacker already has user access and then tries to get admin access. They can try to add extra roles in tokens or use possible admin username and passwords.

Fix Recommendation

In MOSIP, all roles are provided and secured by KeyCloak and each token is validated before use, hence no privilege escalation attacks are probable.

Fixed

Medium

Medium

Risk Assessment

The HTTP 'X-Content-Type-Options' response header prevents the browser from MIME-sniffing a response away from the declared content-type.

Fix Recommendation

In MOSIP, X-content type header is added to configuration to mitigate the vulnerability.

Fixed

Medium

Medium

Risk Assessment

When the used cipher is weak ,it usually tends to fall short in front of brute-force attacks and that leads to data leakage.

Fix Recommendation

In MOSIP we have used hardened ciphers which are highly impossible to break even with sophisticated tools.

Fixed

Medium

Medium

Risk Assessment

The primary benefit of CSP is preventing the exploitation of cross-site scripting vulnerabilities. When an application uses a strict policy, an attacker who finds an XSS bug will no longer be able to force the browser to execute malicious scripts on the page

Fix Recommendation

In MOSIP, we have CSP set in our ngnix configurations along with many other properties to harden our server configuration.

Fixed

Medium

Medium

Risk Assessment

In the registration client, we have an option to import data from preregistered PRIds, which are multiple zip files. If the size and content of the zip files are not regulated, it may lead to buffer overload among other problems.

Fix Recommendation

To mitigate this we have configure a limit of, 1.size of zip file 2.maximum no of files allowed inside a zip 3.The maximum allowed ratio of files and their resultant zip files.