Result Summary
Vulnerabilities
OWASP Top 10
| OWASP Category | Found |
|---|---|
| A01 | YES |
| A02 | NO |
| A03 | NO |
| A04 | YES |
| A05 | YES |
| A06 | NO |
| A07 | NO |
| A08 | NO |
| A09 | NO |
| A10 | NO |
Detailed Results
| Vulnerability | Risk | Impact | Status |
|---|---|---|---|
| Broken Authorization | High | A low-privilege attacker can perform actions that are normally restricted to higher-privilege users. | 🧑🏭 |
| Default Passwords Hardcoded | Low | In a default openIMIS deployment, an attacker who knows these passwords can potentially access confidential information. | |
| GraphQL introspection enabled | Low | An attacker can map out the API's schema and gather information about its configuration. This could lead to further attacks and potential loss of sensitive information. | ⛔ |
| Cookie Without SECURE flag | Low | To exploit this vulnerability, an attacker must be suitably positioned to eavesdrop on the victim's network traffic. Note that an advanced adversary could potentially target any connection made over the Internet's core infrastructure. | ⛔ |
Report