Suspected Path Manipulation Vulnerability VULM-4869487

How to remediate Suspected Path Manipulation Vulnerability VULM-4869487

@VKP7830 please log a support incident via the MSP for this question as there is not enough context to link this to a Pega issue.

Mitigating common security vulnerabilities

@VKP7830 I see that you had already logged a support ticket for this:

Issue Description:

When a user tries to access the URL with an invalid alias, the login page is still displayed. However, the user reported that this issue is being flagged in their security report.

They expect that when the URL is invalid, an error message should be displayed instead of the login page.

Current behavior:

Though the alias does not exist, the login page will be displayed to the user. After entering the credentials, it throws an error indicating that the alias is invalid.

Final Analysis:

Our support team confirmed that currently this is not handled at the platform layer. It is working as per the current design of the product.

Once you hit the URL, though it will show the login page, it will throw an error and not allow you to log in after providing the credentials if the URL does not have a valid app alias.

The conclusion of INC-B38038 is that this has now been logged as a product enhancement request: FDBK-118557
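The design point behind the scanner finding is the order of checks: the alias taken from the request path is only validated after credentials are posted, so any path segment yields a login page. The following is an added illustration of that ordering and of the usual fix (validate the path-derived identifier before rendering anything); it is example code written for this page, not Pega's routing or login code. The URL shape `/prweb/app/<alias>/`, the `APP_ALIASES` registry and both handler functions are assumptions for the illustration only.

```python
"""
Added example (not Pega's code): validating an application alias taken
from the request path before rendering the login page, rather than after
credentials are submitted.

Assumptions (hypothetical, for illustration only):
  - application URLs look like /prweb/app/<alias>/
  - the set of deployed aliases is known server-side (APP_ALIASES)
  - the real product's routing, alias registry and login flow differ
"""
import re
from typing import Dict, Optional, Tuple

# Constructed registry of deployed application aliases (not real data).
APP_ALIASES: Dict[str, str] = {
    "myapp": "MyApplication:01.01.01",
    "claims": "ClaimsPortal:02.00.05",
}

# Accept only a conservative character class for the alias so that dots,
# slashes or encoded separators are rejected before the value is used as
# an identifier anywhere.
ALIAS_RE = re.compile(r"^[A-Za-z0-9_-]{1,64}$")
PATH_RE = re.compile(r"^/prweb/app/([^/]*)/?$")

Response = Tuple[int, str]  # (HTTP status, response body)


def current_behaviour(path: str, credentials: Optional[Dict[str, str]]) -> Response:
    """Mirrors the behaviour described in the ticket: the login page is
    returned for any alias, and the alias is only checked once the user
    has submitted credentials."""
    m = PATH_RE.match(path)
    alias = m.group(1) if m else ""
    if credentials is None:
        return 200, "login page"  # rendered regardless of the alias
    if alias not in APP_ALIASES:
        return 400, "invalid application alias"
    return 302, f"redirect to {APP_ALIASES[alias]}"


def hardened_behaviour(path: str, credentials: Optional[Dict[str, str]]) -> Response:
    """Validate the alias before anything is rendered: a malformed or
    unknown alias gets a generic error page, never the login form."""
    m = PATH_RE.match(path)
    if m is None:
        return 404, "not found"
    alias = m.group(1)
    if not ALIAS_RE.match(alias) or alias not in APP_ALIASES:
        # Generic body: do not echo the attacker-controlled alias back.
        return 404, "unknown application"
    if credentials is None:
        return 200, "login page"
    return 302, f"redirect to {APP_ALIASES[alias]}"


if __name__ == "__main__":
    for p in ("/prweb/app/myapp/", "/prweb/app/doesnotexist/", "/prweb/app/my.app/"):
        print(p, "current:", current_behaviour(p, None), "hardened:", hardened_behaviour(p, None))
```

The hardened variant answers an unknown alias with the same status and body whether or not credentials are present, so the alias check cannot be used as an oracle before authentication, and the alias is never interpolated into the error page. In a real deployment the registry lookup would be whatever the platform already uses to resolve the alias after login; the change is only to perform that lookup on the initial GET.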