1. Narayana Bhat P
  2. PowerServer
  3. Wednesday, 24 April 2024 11:23 AM UTC

Hi team,

Our PowerServer-deployed application underwent a VA/PT process, and it was observed that SSL pinning needs to be enabled in the application. How can we do this? Any guide would help us.

Below is the observation

Vulnerability: Application is vulnerable to MITM Attacks

Description: The application uses port 443 for data transmission. However, it was observed that there is no SSL pinning mechanism implemented and the traffic can be intercepted using HTTP proxy tools such as Burp Suite.

Recommendation/ Solution:

Use Obfuscation to rename the methods in the certificate pinning code, which can avoid the SSL hooking to the application.

Accepted Answer
Logan Liu @Appeon
  1. Thursday, 25 April 2024 01:36 AM UTC
  2. PowerServer

Hi Narayana,

Please ensure you have disabled the Ignore PowerServer Certificate option and verify again.

Ignore PowerServer certificate errors - PowerServer 2022 R3 Help (appeon.com)

If you need more help, please report your issue via our support ticketing system to ensure it is being properly received by our tech support and tracked at: https://www.appeon.com/standardsupport/

Regards, 

Logan

Comment
  1. Narayana Bhat P
  2. Thursday, 25 April 2024 10:32 AM UTC
Dear Logan,



Thanks,

We will check the same, or we will raise a ticket in Standard Support.
  1. Narayana Bhat P
  2. Wednesday, 8 May 2024 10:26 AM UTC
Dear Logan,



After disabling Ignore PowerServer Certificate, the site is secure now. Thanks for the support.
