Versions Compared

Old Version 10

changes.mady.by.user Former user

Saved on

compared with

New Version Current

changes.mady.by.user Felix Bauer

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
  • Jira Legacy
    serverJIRA
    serverId3162e2e3-7847-3218-811e-73d3b7cc1d61
    keySEC-131

      • Category: Customer Security: medium - high
      • Type: Open Redirect
      • Risk: Identity-theft, Phishing, Defacement
      • Summary: A bug in the django-1.11.14 allows an attacker to fool our customers by redirecting them to external/attacker controlled websites
      • For unkown reasons did not get merged into release 2.9.0
      • Is fixed in development by upgrading django and its dependencies to 1.11.16
      • fixed/deployed as hotfix 2.9.2

  • Jira Legacy
    serverJIRA
    serverId3162e2e3-7847-3218-811e-73d3b7cc1d61
    keySEC-125
      • Category: Customer Security: medium- high
      • Type: Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
      • Risk: Session-Highjacking, Stolen Payments, Insecure NETS payment
      • Summary: During NETS payment our customer loses his secured cookies when getting redirected
      • Fix has been reverted, due to a bug and time constraintsfor now.constraints
      • NETS payment should be treated as insecure
      • unfixed/unplannedfixed/deployed as hotfix 2.9.2