-
Type:
Bug
-
Status: Closed
-
Priority:
High
-
Resolution: Bug Fixed
-
Affects Version/s: None
-
Fix Version/s: None
-
Component/s: UI Refresh
-
Labels:None
-
Environment:Pre Production
-
Bug Type:Functional
-
Bug Severity:Medium
-
Level:Employee
-
Module:BenAdmin - Security
-
Reported by:Harbinger
-
Company:All Clients/Multiple Clients
-
Item State:Stage QA - Production Deployment on Hold
-
Issue Importance:Q2
All Company- Employee Login - URL parameters - Security - URL parameter values in all the SSM pages,reports are displayed in plain text.
As observed all the URL parameter values are displayed in plain english text and can be vulnerable for security breach.
This can be generic issue and may exist for Admin,Partners,SA user roles too.
CC : Vijayendra ShindeSachin HingoleRakesh RoyHrishikesh DeshpandeRohan J KhandaveSamir
- relates to
-
NF-2714 Vulnerability Assessment and Penetration Testing for Workterra on Azure US environment.
-
- To Do
-
Hi Komal Barde
I have verified the fixes for following changes on Codemap
1. PCP Pop up scenario
2. Edit/Update Employee Beneficiary request
3. Add another relation ship for beneficiary
I have observed following issue:
On Beneficiary page, Relationship Name's encrypted value is getting displayed on UI.
This issue occurs when employee try to Add/Edit the beneficiary from employee beneficiary page.
PFA screenshot.
Hello Prasad Pise ,
The beneficiary relationship name issue is fixed and deployed on CodeMap . Please verify it .
Thanks,
Pratap
HI Pratap Patil
Beneficiary relationship name issue is resolved on Codemap. As observed, the relationship name is displayed in plain english text on Beneficiary Page and Beneficiary reports.
Thanks
- Prasad
HI Pratap Patil
Beneficiary relationship name issue is resolved on PreProd environment. Now,Relationship name is displayed in plain english text on Beneficiary Page and Beneficiary reports.
Thanks
-Prasad
List of modified files: