- Type: Bug
- Status: In LB Testing
- Priority: High
- Resolution: Unresolved
- Affects Version/s: None
- Fix Version/s: None
- Component/s: UI Refresh
- Labels: None
- Bug Type: Functional
- Bug Severity: Critical
- Level: Employee
- Module: Platform - Security
- Reported by: Harbinger
- Item State: Development - On Hold
- Issue Importance: Q2
- Code Reviewed By: Vijayendra Shinde
[Security] All Company - EE Login - Enroll Now - Request parameters values on Enroll Now page get altered and can be saved successfully.
Environment : Azure
Login : Employee
Company : Beta Security Test
Employee : Saba Abai / 164215 / Password1@
Tool : ZAP
Replication Steps:
1. Login as Employee
2. Start traversing employee self serve mode through OE/New Hire/Employee Dashboard -> Enroll Now
3. Go to Enroll Now page
4. Go to any plan that is already enrolled, or enroll in a new plan.
5. Tamper with the request parameters, such as Coverage Amount and Costs, for the Enroll Now action.
6. Save the updated values.
7. Verify the Confirmation Statement, Enrollment Summary, and Enrollment reports.
Real-life scenarios that are possible:
1. Employee can increase the Coverage amount keeping the cost (Premium) same.
2. Employee can increase Coverage amount and decrease cost (Premium).
3. Employee can keep same Coverage amount for decreased cost (Premium).
CC : Rakesh Roy, Samir, Bharti Satpute, Vijay Siddha, WT-Admin, Sachin Hingole, Hrishikesh Deshpande, Gaurav Sodani, Nidhi Kaul, shyam sharma
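A server-side check that closes the three scenarios above, as an added example (not code from this ticket or from the application): the save handler accepts only coverage amounts the plan offers, recomputes the cost itself, and records any client-supplied cost that disagrees. The plan id, parameter names, rate table and function names are assumptions constructed for illustration.

```python
from decimal import Decimal

# Constructed plan data; real values would come from server-side plan configuration.
PLANS = {
    "LIFE-01": {
        "allowed_coverage": {Decimal("50000"), Decimal("100000"), Decimal("150000")},
        "rate_per_1000": Decimal("0.25"),  # cost per 1,000 of coverage (assumed)
    },
}


class TamperedRequest(Exception):
    """Raised when a request carries values the server would never have offered."""


def server_premium(plan_id, coverage):
    """Compute the cost from server-side rates only."""
    rate = PLANS[plan_id]["rate_per_1000"]
    return (coverage / Decimal("1000") * rate).quantize(Decimal("0.01"))


def save_enrollment(params, audit_log):
    """Validate an Enroll Now save request and return the record to persist.

    `params` is the raw request parameter dict and is treated as untrusted.
    """
    plan_id = params.get("plan_id")
    if plan_id not in PLANS:
        raise TamperedRequest("unknown plan")
    try:
        coverage = Decimal(params["coverage_amount"])
    except (KeyError, TypeError, ArithmeticError):
        raise TamperedRequest("coverage amount missing or not numeric")
    if not coverage.is_finite() or coverage not in PLANS[plan_id]["allowed_coverage"]:
        audit_log.append(("coverage_not_offered", plan_id, str(coverage)))
        raise TamperedRequest("coverage amount not offered for this plan")

    premium = server_premium(plan_id, coverage)
    # The client's cost is never stored; a mismatch is only a tampering signal.
    client_cost = params.get("cost")
    if client_cost is not None and client_cost != str(premium):
        audit_log.append(("cost_mismatch", plan_id, client_cost, str(premium)))
    return {"plan_id": plan_id, "coverage_amount": coverage, "cost": premium}
```

Because the stored cost is derived on the server, the Confirmation Statement, Enrollment Summary and reports in step 7 reflect the server's figure regardless of what the request carried.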
- relates to
- NF-2714 Vulnerability Assessment and Penetration Testing for Workterra on Azure US environment.
- To Do