- Type: Bug
- Status: Closed
- Priority: High
- Resolution: Bug Fixed
- Affects Version/s: None
- Fix Version/s: None
- Component/s: UI Refresh
- Labels: None
- Environment: Pre Production
- Bug Type: Functional
- Bug Severity: Medium
- Level: Employee
- Module: BenAdmin - Security
- Reported by: Harbinger
- Company: All Clients/Multiple Clients
- Item State: Stage QA - Production Deployment on Hold
- Issue Importance: Q2

All Company - Employee Login - URL parameters - Security - URL parameter values in all the SSM pages and reports are displayed in plain text.

As observed, all the URL parameter values are displayed in plain English text and can be vulnerable to a security breach.
This can be a generic issue and may exist for Admin, Partners and SA user roles too.

CC: Vijayendra Shinde, Sachin Hingole, Rakesh Roy, Hrishikesh Deshpande, Rohan J Khandave, Samir
- relates to: NF-2714 Vulnerability Assessment and Penetration Testing for Workterra on Azure US environment.
- To Do

- Time Spent: 5h
  - Analysis, Code Correction and unit testing, impact testing.
- Time Spent: 2h
  - Codemap Verification
  - Internal Discussion
- Time Spent: 0.5h
  - Internal Discussion
  - URL repro
- Time Spent: 7h
  - Analysis
  - Code Correction
  - Unit testing
  - Discussion with Pratap and Prasad for issue repro
- Time Spent: 2h
  - Unit testing
  - Attained code review
  - Code merge and commit
- Time Spent: 2h
  - Verification, Internal Discussion
  - Issue Repro on Codemap and Preprod
- Time Spent: 2h
  - Analysis
  - Code Correction
  - Unit testing
  - Discussion with Pratap and Prasad for issue repro
- Time Spent: 3h
  - Internal Discussions
  - Verification on Codemap and Preprod environment for Beneficiary Changes
  - Employee Self Serve Mode verification for Codemap and PreProd