[NF-2334] All Company- Employee Login - URL parameters - Security - URL parameters in all the SSM pages,reports are displayed in plain text. - Workterra Jira

Details

Type: Bug
Status: Closed
Priority: High
Resolution: Bug Fixed
Affects Version/s: None
Fix Version/s: None
Component/s: UI Refresh
Labels:
None

Environment:

Pre Production
Bug Type:
Functional
Bug Severity:
Medium
Level:

Employee
Module:
BenAdmin - Security
Reported by:
Harbinger
Company:
All Clients/Multiple Clients
Item State:
Stage QA - Production Deployment on Hold
Issue Importance:
Q2

Description

All Company- Employee Login - URL parameters - Security - URL parameter values in all the SSM pages,reports are displayed in plain text.

As observed all the URL parameter values are displayed in plain english text and can be vulnerable for security breach.

This can be generic issue and may exist for Admin,Partners,SA user roles too.

CC : Vijayendra Shinde Sachin Hingole Rakesh Roy Hrishikesh Deshpande Rohan J Khandave Samir

Attachments

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

Attachments

CCSF_URLData_notEncrypted.jpg
222 kB
01/Jun/17 12:18 PM
EmpBen.jpg
99 kB
27/Feb/18 12:36 PM
ParameterURL.jpg
180 kB
12/Jan/18 12:15 PM

Issue Links

relates to

NF-2714 Vulnerability Assessment and Penetration Testing for Workterra on Azure US environment.

To Do

Activity

Descending order - Click to sort in ascending order

Hide

Permalink

Prasad Pise (Inactive) added a comment - 28/Feb/18 12:12 PM

HI Pratap Patil
Beneficiary relationship name issue is resolved on PreProd environment. Now,Relationship name is displayed in plain english text on Beneficiary Page and Beneficiary reports.

Thanks
-Prasad

Show

Prasad Pise (Inactive) added a comment - 28/Feb/18 12:12 PM HI Pratap Patil Beneficiary relationship name issue is resolved on PreProd environment. Now,Relationship name is displayed in plain english text on Beneficiary Page and Beneficiary reports. Thanks -Prasad

Hide

Permalink

Prasad Pise (Inactive) added a comment - 28/Feb/18 09:35 AM

HI Pratap Patil

Beneficiary relationship name issue is resolved on Codemap. As observed, the relationship name is displayed in plain english text on Beneficiary Page and Beneficiary reports.

Thanks

Prasad

Show

Prasad Pise (Inactive) added a comment - 28/Feb/18 09:35 AM HI Pratap Patil Beneficiary relationship name issue is resolved on Codemap. As observed, the relationship name is displayed in plain english text on Beneficiary Page and Beneficiary reports. Thanks Prasad

Hide

Permalink

Pratap Patil (Inactive) added a comment - 28/Feb/18 09:11 AM

Hello Prasad Pise ,

The beneficiary relationship name issue is fixed and deployed on CodeMap . Please verify it .

Thanks,
Pratap

Show

Pratap Patil (Inactive) added a comment - 28/Feb/18 09:11 AM Hello Prasad Pise , The beneficiary relationship name issue is fixed and deployed on CodeMap . Please verify it . Thanks, Pratap

Hide

Permalink

Prasad Pise (Inactive) added a comment - 27/Feb/18 12:37 PM

Hi Komal Barde

I have verified the fixes for following changes on Codemap
1. PCP Pop up scenario
2. Edit/Update Employee Beneficiary request
3. Add another relation ship for beneficiary

I have observed following issue:
On Beneficiary page, Relationship Name's encrypted value is getting displayed on UI.
This issue occurs when employee try to Add/Edit the beneficiary from employee beneficiary page.
PFA screenshot.

CC Vijayendra Shinde

Show

Prasad Pise (Inactive) added a comment - 27/Feb/18 12:37 PM Hi Komal Barde I have verified the fixes for following changes on Codemap 1. PCP Pop up scenario 2. Edit/Update Employee Beneficiary request 3. Add another relation ship for beneficiary I have observed following issue: On Beneficiary page, Relationship Name's encrypted value is getting displayed on UI. This issue occurs when employee try to Add/Edit the beneficiary from employee beneficiary page. PFA screenshot. CC Vijayendra Shinde

Hide

Permalink

Komal Barde (Inactive) added a comment - 26/Feb/18 08:32 AM

List of modified files:

/branches/UiRefresh-LB/Web/Web Projects/BenAdmin/Areas/UserDetails/Controllers/EmployeeBeneficiary/EmployeeBeneficiaryController.cs
/branches/UiRefresh-LB/Web/Web Projects/BenAdmin/Areas/UserDetails/Controllers/EnrollNow/EnrollNowController.cs
/branches/UiRefresh-LB/Web/Web Projects/BenAdmin/Areas/UserDetails/Models/EnrollNow/EnrollNowPVModel.cs
/branches/UiRefresh-LB/Web/Web Projects/BenAdmin/Areas/UserDetails/Views/UserDetails/EmployeeBeneficiary/EmployeeBeneficiary.cshtml

Show

Komal Barde (Inactive) added a comment - 26/Feb/18 08:32 AM List of modified files : /branches/UiRefresh-LB/Web/Web Projects/BenAdmin/Areas/UserDetails/Controllers/EmployeeBeneficiary/EmployeeBeneficiaryController.cs /branches/UiRefresh-LB/Web/Web Projects/BenAdmin/Areas/UserDetails/Controllers/EnrollNow/EnrollNowController.cs /branches/UiRefresh-LB/Web/Web Projects/BenAdmin/Areas/UserDetails/Models/EnrollNow/EnrollNowPVModel.cs /branches/UiRefresh-LB/Web/Web Projects/BenAdmin/Areas/UserDetails/Views/UserDetails/EmployeeBeneficiary/EmployeeBeneficiary.cshtml

6 older comments

People

Assignee:: Prasad Pise (Inactive)

Reporter:: Prasad Pise (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 01/Jun/17 12:20 PM

Updated:: 15/Dec/20 02:53 AM

Resolved:: 21/Mar/18 12:27 PM

Time Tracking

Estimated:

Not Specified

Remaining:

Logged:

26.5h