New Features 2017Project Type: software

New Features 2017

Uploaded image for project: 'New Features 2017'
  1. New Features 2017
  2. NF-2334

All Company- Employee Login - URL parameters - Security - URL parameters in all the SSM pages,reports are displayed in plain text.

    Details

    • Type: Bug
    • Status: Closed
    • Priority: High
    • Resolution: Bug Fixed
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: UI Refresh
    • Labels:
      None
    • Environment:
      Pre Production
    • Bug Type:
      Functional
    • Bug Severity:
      Medium
    • Level:
      Employee
    • Module:
      BenAdmin - Security
    • Reported by:
      Harbinger
    • Company:
      All Clients/Multiple Clients
    • Item State:
      Stage QA - Production Deployment on Hold
    • Issue Importance:
      Q2

      Description

      All Company- Employee Login - URL parameters - Security - URL parameter values in all the SSM pages,reports are displayed in plain text.

      As observed all the URL parameter values are displayed in plain english text and can be vulnerable for security breach.

      This can be generic issue and may exist for Admin,Partners,SA user roles too.

      CC : Vijayendra ShindeSachin HingoleRakesh RoyHrishikesh DeshpandeRohan J KhandaveSamir

        Attachments

        1. CCSF_URLData_notEncrypted.jpg
          CCSF_URLData_notEncrypted.jpg
          222 kB
        2. EmpBen.jpg
          EmpBen.jpg
          99 kB
        3. ParameterURL.jpg
          ParameterURL.jpg
          180 kB

          Issue Links

          relates to

          Task - A task that needs to be done. NF-2714 Vulnerability Assessment and Penetration Testing for Workterra on Azure US environment.

          • Medium - Has the potential to affect progress.
          • To Do

            Activity

            Transition Time In Source Status Execution Times
            Vijayendra Shinde (Inactive) made transition -
            Open In Development
            		3d 16h 42m 1
            Vijayendra Shinde (Inactive) made transition -
            In Development Rejected
            		1m 41s 1
            Prasad Pise (Inactive) made transition -
            Rejected Closed
            		162d 1h 38m 1
            Prasad Pise (Inactive) made transition -
            Closed Reopen in Production
            		59d 6h 31m 1
            Pratap Patil (Inactive) made transition -
            Reopen in Production In Development
            		37d 20h 39m 1
            Sachin Hingole (Inactive) made transition -
            Stage Testing Reopened in Stage
            		4d 23h 5m 1
            Prasad Pise (Inactive) made transition -
            Reopened in Stage In Development
            		5h 19m 1
            Prasad Pise (Inactive) made transition -
            In Development In LB Testing
            		3d 2
            Prasad Pise (Inactive) made transition -
            In LB Testing Stage Testing
            		21h 38m 2
            Prasad Pise (Inactive) made transition -
            Stage Testing In Production Testing
            		14d 18h 40m 1
            Prasad Pise (Inactive) made transition -
            In Production Testing Production Complete
            		6d 5h 48m 1
            Prasad Pise (Inactive) made transition -
            Production Complete Closed
            		1m 30s 1

              People

              Assignee:
              prasadp Prasad Pise (Inactive)
              Reporter:
              prasadp Prasad Pise (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:

                  Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 26.5h
                  26.5h