IBKSEC Security Findings - PRODUCTION
*** CRITICAL SECURITY FINDINGS IN PRODUCTION ENVIRONMENT ***
SEV      FINDING                                         TICKET
-------- ----------------------------------------------- -----------
CRITICAL PCI-DSS: PAN/CVV stored in plaintext            IBK-PCI-017
CRITICAL Test users with plaintext passwords in PROD     IBK-SEC-0099
CRITICAL Authentication backdoor (admin/admin)           IBK-2017
CRITICAL SQL Console without authentication              IBK-7701
CRITICAL CVE-2021-44228 Log4Shell (log4j 2.14.1)         N/A
HIGH     Config drift: bypassFraudForVIP QA!=PROD        N/A
HIGH     MD5 password hashing (should be bcrypt)         N/A
HIGH     Transfer not transactional (money-loss risk)    IBK-7788
MEDIUM   Interest calc discrepancy 360d vs 365d          IBK-8801
MEDIUM   BPMN vs code divergence (fraud check)           2023-F07
MEDIUM   SSH private key in deployment scripts           IBK-INFRA-42
LOW      Expired CA certificate (2023)                   N/A
LOW      Grafana metrics not emitting                    N/A