Once Author is installed, documents can be edited, sent into workflows, sent out for signatures, and all document changes can be tracked.

| Issue | Example |
|-------|---------|
| No rate limiting | Attackers brute force passwords via `POST /dmsviewer/login` |
| Predictable response messages | “Invalid username” vs “Invalid password” → user enumeration |
| Missing CSRF tokens | Cross-site request forgery can force a login using attacker’s creds |
| Session fixation possible | No regeneration of session ID after successful auth |
| Plaintext over HTTP | Credentials sniffed on public Wi-Fi |
| Backend API bypass | `/dmsviewer/getDocument?id=123` accessible without auth if direct object reference exists |
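
Three of the issues in the table (no rate limiting, distinguishable error messages, session fixation) can be closed in the login handler itself. The sketch below is an added example, not code from any DMS product; the `LoginService` class, the 5-failures-per-300-seconds policy, the in-memory stores and the sample addresses used with it are assumptions for illustration.

```python
import hashlib, hmac, os, secrets, time

MAX_FAILS, WINDOW = 5, 300  # assumed policy: 5 failures per 300 s per (user, IP)
GENERIC_ERROR = "Invalid username or password"  # same text for every failure

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class LoginService:
    """Hypothetical handler logic behind POST /dmsviewer/login."""

    def __init__(self):
        self.users = {}     # username -> (salt, password hash)
        self.failures = {}  # (username, ip) -> timestamps of recent failures
        self.sessions = {}  # session id -> username
        # Dummy credential so unknown users cost the same hashing work.
        self.dummy_salt = os.urandom(16)
        self.dummy_hash = hash_password(secrets.token_hex(8), self.dummy_salt)

    def add_user(self, username, password):
        salt = os.urandom(16)
        self.users[username] = (salt, hash_password(password, salt))

    def login(self, username, password, ip, presented_sid=None, now=None):
        now = time.time() if now is None else now
        key = (username, ip)
        # Rate limiting: keep only failures inside the sliding window.
        recent = [t for t in self.failures.get(key, []) if now - t < WINDOW]
        if len(recent) >= MAX_FAILS:
            self.failures[key] = recent
            return 429, "Too many attempts", None
        # Enumeration: identical code path and message for bad user or password.
        known = username in self.users
        salt, stored = self.users.get(username, (self.dummy_salt, self.dummy_hash))
        match = hmac.compare_digest(hash_password(password, salt), stored)
        if not (known and match):
            self.failures[key] = recent + [now]
            return 401, GENERIC_ERROR, None
        self.failures.pop(key, None)
        # Session fixation: drop any pre-auth ID and issue a fresh one.
        self.sessions.pop(presented_sid, None)
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = username
        return 200, "OK", sid
```

The remaining rows (CSRF tokens, HTTPS-only transport, and an authorization check on every document request) are enforced outside this function, in the framework and server configuration.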