Company: Link Technologies
Case No: L12241. Project: 12.40: LinkSOFT Version 12.40 - 12.41
Logged By: Sanjay (Link Technologies) on 29 Apr 2021 04:27PM
Priority: High
Product: Framework
Group: Enhancement
Time Taken: 12.00 (Weight: 16.00)
Version: 12.40
Assigned To: Sanjay (Link Technologies)
Circulation: Sanjay
Resolve By: Friday, 30 April 2021 11:59 PM [1065 days since logged date]
Status: Closed
Subject: Security Compliance and Improvements
Summary:    

Review the following security requirements across the LinkSOFT Application

  1. Remove all Object Exceptions "throw" from public/unsecured pages to prevent hackers from seeing error messages.
  2. Validate public page Query strings before processing them
  3. Add CAPTCHA to 2FA if the code entered is incorrect after 1 attempt
Audit Notes: Edited by sanjay on 29/04/21 16:27.
29 Apr 2021 04:26PM Comment 1 by Sanjay (Link Technologies) Assigned To: Sanjay (Link Technologies) Followup Date: 29-04-2021 08:23 PM Time Taken: 12.00
PART A - Development work for this case has been completed.

1. The change will be available in version: 12.40.0429

2. The following changes were made (Include Database object names, Program classes, and any other relevant information):

  1. Removed all Object Exceptions "throw" from public/unsecured pages to prevent hackers from seeing error messages. This includes API pages and "Contact Us", Email Authorisation and "View Attachment" pages.
  2. Validate public page Query strings for GUIDs before processing them - found the issue on one page
  3. Added CAPTCHA to 2FA if the code entered is incorrect after 1 attempt

3. Affected Areas:

  1. Attachments
  2. 2FA
  3. License API

4. The issue was caused by:

  1. Security Compliance

5. Notes
6. Next Step
(Review and System Test (Developer) -> UAT (Quality) -> Documentation): System Test completed.


29 Apr 2021 04:27PM Comment 2 by Sanjay (Link Technologies) ETC was changed from 30/04/2021 to 30/04/2021
If you have any queries regarding this support incident, please email admin@linktechnologies.com.au and include the Case No: L12241 in the subject line of all emails regarding this issue.