SECURITY ANALYSIS OF THE EJOURNAL.UIN-SUKA.AC.ID WEBSITE AGAINST PASSWORD RESET POISONING ATTACKS VIA THE HOST HEADER INJECTION TECHNIQUE

Octovian Aurora Parikesit, NIM.: 21106050076 (2025) SECURITY ANALYSIS OF THE EJOURNAL.UIN-SUKA.AC.ID WEBSITE AGAINST PASSWORD RESET POISONING ATTACKS VIA THE HOST HEADER INJECTION TECHNIQUE. Skripsi thesis, UIN SUNAN KALIJAGA YOGYAKARTA.


Abstract

Information system security is crucial to maintaining the integrity and trust of users, especially on scientific publication platforms like ejournal.uin-suka.ac.id. One potential threat is attacks on the password reset mechanism, which can lead to account takeover. This research applies penetration testing based on the NIST SP 800-115 framework, focusing on Password Reset Poisoning via Host Header Injection. Additional vulnerability scanning was conducted using Nessus to identify other weaknesses. The results show that the system does not validate the X-Forwarded-Host header, allowing attackers to manipulate password reset links. Furthermore, the absence of rate limiting exposes the system to mass reset requests. Recommended mitigations include strict header validation, domain allowlisting, and implementing rate-limiting mechanisms.

Item Type: Thesis (Skripsi)
Additional Information / Supervisor: Dr. Ir. Bambang Sugiantoro, M.T., IPU., ASEAN Eng.
Uncontrolled Keywords: password reset poisoning; Host Header Injection; rate limiting
Subjects: 000 Computer Science, Information Science, and General Works > 000 General Works > 004 Data Processing, Computer Science, Informatics Engineering
Divisions: Faculty of Science and Technology > Informatics (S1)
Depositing User: Widiyastuti, M.IP
Date Deposited: 20 Oct 2023 11:27
Last Modified: 29 Jul 2025 14:29
URI: http://digilib.uin-suka.ac.id/id/eprint/61525
