This queue is for tickets about the Finance-Bank-HDFC CPAN distribution.

Report information
The Basics
Id: 133617
Status: open
Priority: 0/
Queue: Finance-Bank-HDFC

People
Owner: Nobody in particular
Requestors: hiteshchandu5 [...] gmail.com
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)



Subject: Web server default welcome page in hdfc bank domain
Date: Tue, 27 Oct 2020 23:57:14 +0530
To: bug-finance-bank-HDFC [...] rt.cpan.org
From: hitesh chandu <hiteshchandu5 [...] gmail.com>

Dear Team,

We found the default web server page on the website used for bank statements for HDFC bank. For more information I have shared screenshots for your reference.
Feel free to contact me if you require any help.

Affected URL: https://smartstatements.hdfcbank.com/

Description:
This web server has a default welcome page. If you are not using this web server, it should be disabled because it may pose a security threat.

Remediation
If this server is not used, it is recommended to disable it.
[image: HDFC-1.PNG]
[image: HDFC-2.PNG]

Thank you

Hitesh Chandanshive
Mob:9594194754
Security Enthusiast

On Tue Oct 27 18:27:51 2020, hiteshchandu5@gmail.com wrote:
> Dear Team,
>
> We found the default web server page on the website used for bank
> statements for HDFC bank. For more information I have shared
> screenshots for your reference.
> Feel free to contact me if you require any help.
>
>
> Affected URL: https://smartstatements.hdfcbank.com/
>
> Description:
> This web server has a default welcome page. If you are not using this web
> server, it should be disabled because it may pose a security threat.
>
> Remediation
> If this server is not used, it is recommended to disable it.
> [image: HDFC-1.PNG]
> [image: HDFC-2.PNG]
>
>
> Thank you
>
> Hitesh Chandanshive
> Mob:9594194754
> Security Enthusiast

This is a bug queue for a defunct Perl module. Not the bank. You should obviously contact the bank, via one of the routes mentioned in their legitimate URL. Disclosing security flaws like this should be done in a reasonable manner (https://en.wikipedia.org/wiki/Responsible_disclosure). Posting this, along with your personal contact details, at a random place online is at best unwise.