New Features 2017 / NF-2965

[Security]-[Authorization Failure]-[Azure] Employee can access all Admin pages over the URL and is able to update the customization/settings for those pages.

    Details

    • Type: Bug
    • Status: Closed
    • Priority: High
    • Resolution: Bug Fixed
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: UI Refresh
    • Labels: None
    • Environment: Others
    • Bug Type: Functional
    • Bug Severity: Medium
    • Level: Admin
    • Module: Platform
    • Reported by: Harbinger
    • Company: All Clients/Multiple Clients
    • Item State: LB QA - In Testing
    • Issue Importance: Q2

      Description

      [Security]-[Authorization Failure] Employee can access all Admin pages over the URL and is able to update the customization/settings for those pages.

      Environment: Azure
      Replication Steps:
      1. Log in as Company Admin.
      2. Go to the Company Information page.
      3. Copy the URL.
      4. Log in as an Employee of the same company in another browser.
      5. Paste the URL in the employee's session.
      6. Access the Admin pages and try to update settings.

      Observed the same behavior on multiple pages, such as all tabs in Company Information, Manage Admin Users, Security Page, Site Branding and Themes, etc.
      It seems that this issue is with all pages and the necessary access level entries are missing.

      Expected Result:

      As soon as any admin-level page URL is accessed by an Employee login, it should show the Unauthorized Access page and restrict the user from further actions.

      CC: Rakesh Roy, Sachin Hingole, Hrishikesh Deshpande, Vijay Siddha, Vijayendra Shinde, Rohan J Khandave, Bharti Satpute, Samir
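
The description attributes the behaviour to missing page access-level entries. As an added example (not code from the product or from this ticket), the sketch below assumes a page-to-role table and contrasts a lookup that treats a missing entry as allowed with one that denies by default, then runs the replication steps as a regression sweep. The URL paths, role names and function names are hypothetical.

```python
from enum import IntEnum

class Role(IntEnum):
    EMPLOYEE = 1
    COMPANY_ADMIN = 2

# Admin pages named in the ticket; the URL paths are constructed.
ADMIN_PAGES = [
    "/admin/company-information",
    "/admin/manage-admin-users",
    "/admin/security",
    "/admin/site-branding-and-themes",
]

# Assumed state before the fix: no access-level entry for any admin page.
INCOMPLETE_ACL = {"/employee/home": Role.EMPLOYEE}
# Assumed state after the fix: every admin page requires Company Admin.
COMPLETE_ACL = {**INCOMPLETE_ACL, **{p: Role.COMPANY_ADMIN for p in ADMIN_PAGES}}

def allowed_fail_open(acl, role, path):
    """Weak lookup: a page with no entry is treated as open to everyone."""
    required = acl.get(path)
    return required is None or role >= required

def allowed_deny_by_default(acl, role, path):
    """Hardened lookup: a page with no entry is refused for every role."""
    required = acl.get(path)
    return required is not None and role >= required

def handle(acl, role, path, method, check):
    """Server-side gate run on every request, for views and updates alike."""
    if not check(acl, role, path):
        return 403, "Unauthorized Access"
    return 200, f"{method} {path}"

def reachable(acl, role, check):
    """Regression sweep: admin pages this role can view (GET) or update (POST)."""
    return [p for p in ADMIN_PAGES
            if any(handle(acl, role, p, m, check)[0] == 200 for m in ("GET", "POST"))]

def missing_entries(acl):
    """Deploy-time audit: admin pages that have no access-level entry."""
    return [p for p in ADMIN_PAGES if p not in acl]

if __name__ == "__main__":
    print("fail-open, employee:", reachable(INCOMPLETE_ACL, Role.EMPLOYEE, allowed_fail_open))
    print("deny-by-default, employee:", reachable(INCOMPLETE_ACL, Role.EMPLOYEE, allowed_deny_by_default))
    print("pages missing entries:", missing_entries(INCOMPLETE_ACL))
```

With deny-by-default, a forgotten entry locks out the admin as well, so the gap surfaces in testing instead of as an employee-reachable page.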

        Attachments

        1. Empl__CAPagesAdminUsers.jpg (124 kB)
        2. Empl_Access_CAPagesCompInfo.jpg (135 kB)
        3. EmployeeLoign.jpg (148 kB)
        4. AdminLogin.jpg (162 kB)
        5. PageLevelAccess.png (139 kB)

            Activity

            prasadp Prasad Pise (Inactive) created issue -
            vijayendra Vijayendra Shinde (Inactive) made changes -
            Field Original Value New Value
            Assignee shyam sharma [ shyam sharma ] Vijayendra Shinde [ ID10506 ]
            vijayendra Vijayendra Shinde (Inactive) made changes -
            Assignee Vijayendra Shinde [ ID10506 ] Ashwin Wankhede [ ashwin.wankhede ]
            shyam.sharma shyam sharma (Inactive) made changes -
            Level Admin,Employee [ 15800, 15801 ] Admin [ 15800 ]
            prasadp Prasad Pise (Inactive) made changes -
            Bug Severity Critical [ 16701 ]
            prasadp Prasad Pise (Inactive) made changes -
            Bug Severity Critical [ 16701 ] Medium [ 16702 ]
            prasadp Prasad Pise (Inactive) made changes -
            Link This issue relates to NF-2714 [ NF-2714 ]
            ashwin.wankhede Ashwin Wankhede (Inactive) made changes -
            Assignee Ashwin Wankhede [ ashwin.wankhede ] Prasad Pise [ prasadp ]
            prasadp Prasad Pise (Inactive) made changes -
            Remaining Estimate 4h [ 14400 ]
            Original Estimate 4h [ 14400 ]
            prasadp Prasad Pise (Inactive) made changes -
            Remaining Estimate 4h [ 14400 ] 3.75h [ 13500 ]
            Time Spent 0.25h [ 900 ]
            Worklog Id 69805 [ 69805 ]
            prasadp Prasad Pise (Inactive) made changes -
            Assignee Prasad Pise [ prasadp ] Jayshree Nagpure [ jayshree.nagpure ]
            jayshree.nagpure Jayshree Nagpure (Inactive) made changes -
            Attachment AdminLogin.jpg [ 57954 ]
            Attachment EmployeeLoign.jpg [ 57955 ]
            jayshree.nagpure Jayshree Nagpure (Inactive) made changes -
            Remaining Estimate 3.75h [ 13500 ] 2.75h [ 9900 ]
            Time Spent 0.25h [ 900 ] 1.25h [ 4500 ]
            Worklog Id 70122 [ 70122 ]
            jayshree.nagpure Jayshree Nagpure (Inactive) made changes -
            Assignee Jayshree Nagpure [ jayshree.nagpure ] Prasad Pise [ prasadp ]
            prasadp Prasad Pise (Inactive) made changes -
            Assignee Prasad Pise [ prasadp ] Nidhi Kaul [ nidhi.kaul ]
            nidhi.kaul Nidhi Kaul (Inactive) made changes -
            Assignee Nidhi Kaul [ nidhi.kaul ] Vijayendra Shinde [ ID10506 ]
            vijayendra Vijayendra Shinde (Inactive) made changes -
            Attachment PageLevelAccess.png [ 68229 ]
            vijayendra Vijayendra Shinde (Inactive) made changes -
            Assignee Vijayendra Shinde [ ID10506 ] Ashwin Wankhede [ ashwin.wankhede ]
            ashwin.wankhede Ashwin Wankhede (Inactive) made changes -
            Assignee Ashwin Wankhede [ ashwin.wankhede ] Prasad Pise [ prasadp ]
            anirudha.joshi anirudha joshi (Inactive) made changes -
            Assignee Prasad Pise [ prasadp ] Vijayendra Shinde [ ID10506 ]
            vijayendra Vijayendra Shinde (Inactive) made changes -
            Assignee Vijayendra Shinde [ ID10506 ] Vishal Yadav [ vishal.yadav ]
            vishal.yadav Vishal Yadav (Inactive) made changes -
            Status Open [ 1 ] In Development [ 10007 ]
            anirudha.joshi anirudha joshi (Inactive) made changes -
            Remaining Estimate 2.75h [ 9900 ] 0h [ 0 ]
            Time Spent 1.25h [ 4500 ] 6.25h [ 22500 ]
            Worklog Id 93626 [ 93626 ]
            vishal.yadav Vishal Yadav (Inactive) made changes -
            Company All Clients/Multiple Clients [ 18434 ]
            Environment Others [ 18445 ]
            Item State Parent values: Development(10200)Level 1 values: In Progress(10206)
            vishal.yadav Vishal Yadav (Inactive) made changes -
            Assignee Vishal Yadav [ vishal.yadav ] Prasad Pise [ prasadp ]
            vishal.yadav Vishal Yadav (Inactive) made changes -
            Time Spent 6.25h [ 22500 ] 8.25h [ 29700 ]
            Worklog Id 94020 [ 94020 ]
            vishal.yadav Vishal Yadav (Inactive) made changes -
            Time Spent 8.25h [ 29700 ] 9.25h [ 33300 ]
            Worklog Id 94024 [ 94024 ]
            sachin.hingole Sachin Hingole (Inactive) made changes -
            Status In Development [ 10007 ] Local Testing [ 10200 ]
            hrishikesh.deshpande Hrishikesh Deshpande (Inactive) made changes -
            Item State Parent values: Development(10200)Level 1 values: In Progress(10206) Parent values: LB QA(10201)Level 1 values: In Testing(10210)
            prasadp Prasad Pise (Inactive) made changes -
            Status Local Testing [ 10200 ] Stage Testing [ 10201 ]
            prasadp Prasad Pise (Inactive) made changes -
            Status Stage Testing [ 10201 ] Production Testing [ 10202 ]
            prasadp Prasad Pise (Inactive) made changes -
            Time Spent 9.25h [ 33300 ] 9.5h [ 34200 ]
            Worklog Id 109427 [ 109427 ]
            prasadp Prasad Pise (Inactive) made changes -
            Resolution Bug Fixed [ 10402 ]
            Status Production Testing [ 10202 ] Production Complete [ 10028 ]
            prasadp Prasad Pise (Inactive) made changes -
            Status Production Complete [ 10028 ] Closed [ 6 ]
            vijayendra Vijayendra Shinde (Inactive) made changes -
            Link This issue relates to DEV-13718 [ DEV-13718 ]

              People

              Assignee: prasadp Prasad Pise (Inactive)
              Reporter: prasadp Prasad Pise (Inactive)
              Votes: 0
              Watchers: 7

                  Time Tracking

                  Estimated: 4h
                  Remaining: 0h
                  Logged: 9.5h