stepcellwolf released this on 25 Aug 19:53 · 1 commit to security-community since this release
Release date: 2024-08-25
Security fixes: vulnerabilities from the pentest report, patched and listed by severity:
High: API accessible without authentication
Medium: No rate limit on forgot password request
Medium: No account lockout implementation
Low: When an unexpected input was supplied to the API
Low: Cookie lacks HTTP-Secure attribute
Low: Excessive info disclosure
Low: Clickjacking on login page
Low: HSTS header missing from response
Check for excessive information disclosure in API response (OWASP A01-Broken Access Control)
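A post-deployment check a defender can run to confirm that the three header-level findings above (HSTS header missing, cookie lacking the Secure attribute, clickjacking protection missing) no longer appear in a response. This is an added example, not Unicis Platform code; the sample header sets are constructed, and the finding strings are the report's wording.

```python
from typing import Dict, List

# Constructed sample responses (not captured from the Unicis Platform).
# Header names are lowercased as an HTTP client or reverse proxy would expose them.
SAMPLE_BEFORE = {
    "content-type": "text/html",
    "set-cookie": ["session=abc123; Path=/; HttpOnly"],
}
SAMPLE_AFTER = {
    "content-type": "text/html",
    "strict-transport-security": "max-age=31536000; includeSubDomains",
    "x-frame-options": "DENY",
    "set-cookie": ["session=abc123; Path=/; HttpOnly; Secure; SameSite=Lax"],
}


def audit_headers(headers: Dict[str, object]) -> List[str]:
    """Return the low-severity header findings still present in a response."""
    h = {k.lower(): v for k, v in headers.items()}
    findings: List[str] = []

    # HSTS header missing from response
    if "strict-transport-security" not in h:
        findings.append("HSTS header missing from response")

    # Clickjacking: accept either X-Frame-Options or a CSP frame-ancestors directive
    csp = str(h.get("content-security-policy", ""))
    if "x-frame-options" not in h and "frame-ancestors" not in csp:
        findings.append("Clickjacking protection missing")

    # Cookie lacks Secure attribute: inspect every Set-Cookie value, not just the first
    cookies = h.get("set-cookie", [])
    if isinstance(cookies, str):
        cookies = [cookies]
    for cookie in cookies:
        attrs = [part.strip().lower() for part in cookie.split(";")[1:]]
        if "secure" not in attrs:
            findings.append(f"Cookie lacks Secure attribute: {cookie.split('=')[0]}")

    return findings
```

Feed it the headers of the login page and of a logged-in API response, since the findings concerned both.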
Link: https://www.unicis.tech/docs/platform/unicis-platform-changelog
Blogpost: https://www.unicis.tech/blog/unicis-platform-2024-pentest-security-update