The finding impacts the Web UI and the Desktop app. The administrator is able to log in to the application with a username and password only. A compromise of these credentials may cause serious security issues, such as deletion of users, website defacement, etc. Affected Host: citi.ariscloud.com:443 |
Implement strong authentication for the administrator access level. A common solution is to allow the administrator to log in from a specific IP address only. Additional solutions for strong authentication include 2-factor authentication, IP restriction, machine tagging, shared secrets, etc. |
Brainstorm ID | 7799 |
Created on Brainstorm | 03/24/2020 09:53 AM |