[NF-2334] All Company- Employee Login - URL parameters - Security - URL parameters in all the SSM pages,reports are displayed in plain text. - Workterra Jira

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: High
Resolution: Bug Fixed
Affects Version/s: None
Fix Version/s: None
Component/s: UI Refresh
Labels:
None

Environment:

Pre Production
Bug Type:
Functional
Bug Severity:
Medium
Level:

Employee
Module:
BenAdmin - Security
Reported by:
Harbinger
Company:
All Clients/Multiple Clients
Item State:
Stage QA - Production Deployment on Hold
Issue Importance:
Q2

Code Reviewed By:

Vijayendra Shinde

Description

All Company- Employee Login - URL parameters - Security - URL parameter values in all the SSM pages,reports are displayed in plain text.

As observed all the URL parameter values are displayed in plain english text and can be vulnerable for security breach.

This can be generic issue and may exist for Admin,Partners,SA user roles too.

CC : Vijayendra Shinde Sachin Hingole Rakesh Roy Hrishikesh Deshpande Rohan J Khandave Samir

Attachments

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

Attachments

CCSF_URLData_notEncrypted.jpg
222 kB
01/Jun/17 12:18 PM
ParameterURL.jpg
180 kB
12/Jan/18 12:15 PM
EmpBen.jpg
99 kB
27/Feb/18 12:36 PM

Issue Links

relates to

NF-2714 Vulnerability Assessment and Penetration Testing for Workterra on Azure US environment.

To Do

Activity

People

Assignee:: Prasad Pise (Inactive)

Reporter:: Prasad Pise (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 01/Jun/17 12:20 PM

Updated:: 15/Dec/20 02:53 AM

Resolved:: 21/Mar/18 12:27 PM

Time Tracking

Estimated:

Not Specified

Remaining:

0h

Logged:

26.5h