Magento Forums
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Common Admin URL vulnerability failed Scan after forced logine extension

‎05-03-2019 11:11 PM
‎05-03-2019 11:11 PM

Common Admin URL vulnerability failed Scan after forced logine extension

On a magento2 website, we are using a forced login extension which redirects users to login page if they are not logged in and user can not access any page of the website if user is not logged in.

After installing this extension we are facing an issue related to magento security scan. Our magento is failing the Brute force Scan claiming that our admin is at common URL. When we run the scan with Forced Login disabled , it passes the test.

Is there any way we can pass the test with the exension installed? If we can identify the request is from magento scan or from real user we can customize the extension to pass the test but we are not able to identify it because Magento Security scan seems to be spoofing user agent.

any help will be appreciated.

 

Labels:
0 Kudos
Reply
1 REPLY 1
‎05-04-2019 03:33 AM
‎05-04-2019 03:33 AM

Re: Common Admin URL vulnerability failed Scan after forced logine extension

@Simplysaif89Did you get the extension from Market place or directly from the seller website?

 

You must report this to extension provider and get this resolved. There are possibilities that Magento best practices are not implemented in the extension and it can be vulnerable. Rather than finding a work around I would recommend to fix the problem.

 

Security issues can cause you a lot more which you may or may not thought off.

 

Problem solved? Please give 'Kudos' and accept 'Answer as Solution'.

- Tarandeep
Problem solved?Please give 'Kudos' and accept 'Answer as Solution'.
0 Kudos
Reply