FC Penetration Tests
SchulzeStTSI edited this page May 21, 2025 · 1 revision
Penetration tests were performed by the T-Systems MMS team; see the test report: Testreport_GaiaX_Lot_5_V1.1.pdf
Found issues and resolutions:
| Chapter | Description | Severity | Resolution |
|---|---|---|---|
| 4.1.1 | Cleartext Transmission of Sensitive Information | Medium | issue #143 |
| 4.2.1 | Insufficient Firewall Rules | High | issue #143 |
| 4.2.2 | Potentially Denial of Service (DoS) | High | issue #143 |
| 4.2.3 | Information Disclosure – Leakage of Configurational Details | High | issue #143 |
| 4.2.4 | Insufficient Patch Management – Outdated JavaScript Libraries | Medium | issue #142 |
| 4.2.5 | Open Ports and Reachable Services | Informational | The server is already configured to have only ports 80/tcp and 443/tcp open; no action is required. |
| 4.3.1 | Improper Input Validation | Medium | |
| 4.5.1 | Weak Password Policy | Medium | issue #144 |