New Features 2017Project Type: software

New Features 2017

Uploaded image for project: 'New Features 2017'
  1. New Features 2017
  2. NF-3852

[Security] All Company - EE Login - Enroll Now - Request parameters values on Enroll Now page get altered and can be saved successfully.

    Details

    • Type: Bug
    • Status: In LB Testing
    • Priority: High
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: UI Refresh
    • Labels:
      None
    • Bug Type:
      Functional
    • Bug Severity:
      Critical
    • Level:
      Employee
    • Module:
      Platform - Security
    • Reported by:
      Harbinger
    • Item State:
      Development - On Hold
    • Issue Importance:
      Q2

      Description

      [Security] All Company - EE Login - Enroll Now - Request parameters values on Enroll Now page get altered and can be saved successfully.

      Environment : Azure
      Login : Employee
      Company : Beta Security Test
      Employee : Saba Abai / 164215 / Password1@
      Tool : ZAP

      Replication Steps:
      1. Login as Employee
      2. Start traversing employee self serve mode through OE/New Hire/Employee Dashboard -> Enroll Now
      3. Go to Enroll Now page
      4. Go to any plan which is already enrolled or enroll in new plan.
      5. Tamper the request parameters like Coverage Amount, Costs for enroll now action.
      6. Save the updated values.
      7. Verify the Confirmation Statement, Enrollment Summary, Enrollment reports

      Real life scenarios those are possible.
      1. Employee can increase the Coverage amount keeping the cost (Premium) same.
      2. Employee can increase Coverage amount and decrease cost (Premium).
      3. Employee can keep same Coverage amount for decreased cost (Premium).

      CC : Rakesh RoySamirBharti SatputeVijay SiddhaSatyaSachin HingoleHrishikesh DeshpandeGaurav SodaniNidhi Kaulshyam sharma

        Attachments

        1. EE_EePlanEligibilityRpt.jpg
          EE_EePlanEligibilityRpt.jpg
          210 kB
        2. EE_EnrollmentReport.jpg
          EE_EnrollmentReport.jpg
          142 kB
        3. EECoverageAndCost_Intercept.doc
          1.06 MB
        4. EnrollNowTamper_After.jpg
          EnrollNowTamper_After.jpg
          118 kB
        5. EnrollNowTamper_Before.jpg
          EnrollNowTamper_Before.jpg
          366 kB
        6. EnrollNowTamper_CostChange.jpg
          EnrollNowTamper_CostChange.jpg
          209 kB
        7. Re-Open_EnrollNow.jpg
          279 kB

          Issue Links

          relates to

          Task - A task that needs to be done. NF-2714 Vulnerability Assessment and Penetration Testing for Workterra on Azure US environment.

          • Medium - Has the potential to affect progress.
          • To Do

            Activity

            Ascending order - Click to sort in descending order
            prasadp Prasad Pise (Inactive) created issue -
            prasadp Prasad Pise (Inactive) made changes -
            Field Original Value New Value
            Link This issue relates to NF-2714 [ NF-2714 ]
            vijayendra Vijayendra Shinde (Inactive) made changes -
            Assignee Vijayendra Shinde [ ID10506 ] Rohan J Khandave [ rohan.khandave ]
            rohan.khandave Rohan J Khandave (Inactive) made changes -
            Status Open [ 1 ] In Development [ 10007 ]
            rohan.khandave Rohan J Khandave (Inactive) made changes -
            Item State Parent values: Development(10200)Level 1 values: In Analysis(10204)
            Remaining Estimate 24h [ 86400 ]
            Original Estimate 24h [ 86400 ]
            rohan.khandave Rohan J Khandave (Inactive) made changes -
            Remaining Estimate 24h [ 86400 ] 21h [ 75600 ]
            Time Spent 3h [ 10800 ]
            Worklog Id 66661 [ 66661 ]
            rohan.khandave Rohan J Khandave (Inactive) made changes -
            Remaining Estimate 21h [ 75600 ] 18.5h [ 66600 ]
            Time Spent 3h [ 10800 ] 5.5h [ 19800 ]
            Worklog Id 67756 [ 67756 ]
            rohan.khandave Rohan J Khandave (Inactive) made changes -
            Item State Parent values: Development(10200)Level 1 values: In Analysis(10204) Parent values: Development(10200)Level 1 values: Ready for Local Testing(10209)
            rohan.khandave Rohan J Khandave (Inactive) made changes -
            Code Review Date 31/Jul/2017
            Code Reviewed By Vijayendra Shinde [ 11901 ]
            Developer Rohan J Khandave [ rohan.khandave ]
            rohan.khandave Rohan J Khandave (Inactive) made changes -
            Remaining Estimate 18.5h [ 66600 ] 17h [ 61200 ]
            Time Spent 5.5h [ 19800 ] 7h [ 25200 ]
            Worklog Id 68119 [ 68119 ]
            rohan.khandave Rohan J Khandave (Inactive) made changes -
            Status In Development [ 10007 ] Local Testing [ 10200 ]
            rohan.khandave Rohan J Khandave (Inactive) made changes -
            Assignee Rohan J Khandave [ rohan.khandave ] Prasad Pise [ prasadp ]
            rohan.khandave Rohan J Khandave (Inactive) made changes -
            Remaining Estimate 17h [ 61200 ] 15h [ 54000 ]
            Time Spent 7h [ 25200 ] 9h [ 32400 ]
            Worklog Id 68520 [ 68520 ]
            ashwin.wankhede Ashwin Wankhede (Inactive) made changes -
            Item State Parent values: Development(10200)Level 1 values: Ready for Local Testing(10209) Parent values: LB QA(10201)Level 1 values: LB Deployed(11600)
            prasadp Prasad Pise (Inactive) made changes -
            Item State Parent values: LB QA(10201)Level 1 values: LB Deployed(11600) Parent values: LB QA(10201)Level 1 values: In Testing(10210)
            prasadp Prasad Pise (Inactive) made changes -
            Item State Parent values: LB QA(10201)Level 1 values: In Testing(10210) Parent values: LB QA(10201)Level 1 values: Re-open(10212)
            prasadp Prasad Pise (Inactive) made changes -
            Attachment Re-Open_EnrollNow.jpg [ 57375 ]
            prasadp Prasad Pise (Inactive) made changes -
            Assignee Prasad Pise [ prasadp ] Rohan J Khandave [ rohan.khandave ]
            rohan.khandave Rohan J Khandave (Inactive) made changes -
            Assignee Rohan J Khandave [ rohan.khandave ] Prasad Pise [ prasadp ]
            prasadp Prasad Pise (Inactive) made changes -
            Remaining Estimate 15h [ 54000 ] 13.5h [ 48600 ]
            Time Spent 9h [ 32400 ] 10.5h [ 37800 ]
            Worklog Id 68931 [ 68931 ]
            prasadp Prasad Pise (Inactive) made changes -
            Remaining Estimate 13.5h [ 48600 ] 12.5h [ 45000 ]
            Time Spent 10.5h [ 37800 ] 11.5h [ 41400 ]
            Worklog Id 69034 [ 69034 ]
            prasadp Prasad Pise (Inactive) made changes -
            Remaining Estimate 12.5h [ 45000 ] 10.5h [ 37800 ]
            Time Spent 11.5h [ 41400 ] 13.5h [ 48600 ]
            Worklog Id 69222 [ 69222 ]
            prasadp Prasad Pise (Inactive) made changes -
            Assignee Prasad Pise [ prasadp ] Santosh Balid [ santosh.balid ]
            santosh.balid Santosh Balid (Inactive) made changes -
            Item State Parent values: LB QA(10201)Level 1 values: Re-open(10212) Parent values: Development(10200)Level 1 values: On Hold(10207)
            santosh.balid Santosh Balid (Inactive) made changes -
            Assignee Santosh Balid [ santosh.balid ] Gaurav Sodani [ gaurav.sodani ]
            vijayendra Vijayendra Shinde (Inactive) made changes -
            Link This issue relates to DEV-13718 [ DEV-13718 ]

              People

              Assignee:
              gaurav.sodani Gaurav Sodani (Inactive)
              Reporter:
              prasadp Prasad Pise (Inactive)
              Developer:
              Rohan J Khandave (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Dates

                Created:
                Updated:
                Code Review Date:

                  Time Tracking

                  Estimated:
                  Original Estimate - 24h
                  24h
                  Remaining:
                  Time Spent - 13.5h Remaining Estimate - 10.5h
                  10.5h
                  Logged:
                  Time Spent - 13.5h Remaining Estimate - 10.5h
                  13.5h