[ST-107] Web Security: INTERNAL IP ADDRESS REVEALED - Workterra Jira

Details

Type: Enhancement
Status: Closed
Priority: High
Resolution: Done
Component/s: BenAdmin
Labels:
- Security

Module:
BenAdmin - Security
Reported by:
Support
Item State:
Production Complete - Closed
Issue Importance:
Must Have
Sprint:
ST Sprint 1

Description

An internal IP address was returned within the response HTML. While not always visible in the rendered HTML, it was visible within the HTML source.

Attachments

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

Attachments

Internal IP revealed.jpg
111 kB
25/Apr/16 12:44 PM

Issue Links

is blocked by

ST-169 Internal IP revealed-related to ST-107

Closed

Activity

Ascending order - Click to sort in descending order

Hide

Permalink

Niteen Surwase (Inactive) added a comment - 04/Apr/16 11:18 AM - edited

In earlier scenarios Server IPs were visible in following files. This is resolved in this ticket.

Please check following File Paths :
1. AddXpress Company module - Upload logo and check for IP by inspecting logo.
2. ConfigureLandingPage - Upload Image and check for IP by inspecting Image.
3. IncompleteEnrollmentNotifications - Upload File and check for IP by inspecting file link.

Show

Niteen Surwase (Inactive) added a comment - 04/Apr/16 11:18 AM - edited In earlier scenarios Server IPs were visible in following files. This is resolved in this ticket. Please check following File Paths : 1. AddXpress Company module - Upload logo and check for IP by inspecting logo. 2. ConfigureLandingPage - Upload Image and check for IP by inspecting Image. 3. IncompleteEnrollmentNotifications - Upload File and check for IP by inspecting file link.

Hide

Permalink

Amit Gude (Inactive) added a comment - 20/Apr/16 09:03 AM

Assigning to Zeeshan

Show

Amit Gude (Inactive) added a comment - 20/Apr/16 09:03 AM Assigning to Zeeshan

Hide

Permalink

Zeeshan Chishty (Inactive) added a comment - 25/Apr/16 12:44 PM

Show

Zeeshan Chishty (Inactive) added a comment - 25/Apr/16 12:44 PM

Hide

Permalink

Zeeshan Chishty (Inactive) added a comment - 25/Apr/16 12:48 PM

Not Verified as Internal IP addresses was revealed in error response to Employee Feedback file upload and sent mail.
But when tested in Praetorian Identified vulnerable response the issue is fixed for below page.
/BenAdmin/UserDetails/UserDetails/IncompleteEnrollmentNotification

Show

Zeeshan Chishty (Inactive) added a comment - 25/Apr/16 12:48 PM Not Verified as Internal IP addresses was revealed in error response to Employee Feedback file upload and sent mail. But when tested in Praetorian Identified vulnerable response the issue is fixed for below page. /BenAdmin/UserDetails/UserDetails/IncompleteEnrollmentNotification

Hide

Permalink

Niteen Surwase (Inactive) added a comment - 01/Jul/16 11:10 AM

Hi Zeeshan Chishty

We were not able to reproduce this issue. So, please approve implemented issue for stage

Show

Niteen Surwase (Inactive) added a comment - 01/Jul/16 11:10 AM Hi Zeeshan Chishty We were not able to reproduce this issue. So, please approve implemented issue for stage

Hide

Permalink

Zeeshan Chishty (Inactive) added a comment - 05/Jul/16 09:23 AM

Hi Rakesh Roy We can close this ticket as we are not able to reproduce this issue.
When tested in Praetorian Identified vulnerable response page the issue is fixed and no internal IP is revealed.

Show

Zeeshan Chishty (Inactive) added a comment - 05/Jul/16 09:23 AM Hi Rakesh Roy We can close this ticket as we are not able to reproduce this issue. When tested in Praetorian Identified vulnerable response page the issue is fixed and no internal IP is revealed.

Hide

Permalink

Deepali Tidke (Inactive) added a comment - 07/Jul/16 10:05 AM

as per above comments closing this ticket

Show

Deepali Tidke (Inactive) added a comment - 07/Jul/16 10:05 AM as per above comments closing this ticket

Hide

Permalink

Niteen Surwase (Inactive) added a comment - 18/Jul/16 07:24 AM

Hi Deepali Tidke

Make it ready for stage for implemented change.
For more discussion approach me.

Show

Niteen Surwase (Inactive) added a comment - 18/Jul/16 07:24 AM Hi Deepali Tidke Make it ready for stage for implemented change. For more discussion approach me.

Hide

Permalink

Deepali Tidke (Inactive) added a comment - 18/Jul/16 08:40 AM

Kindly discuss with Niteen for more details

Show

Deepali Tidke (Inactive) added a comment - 18/Jul/16 08:40 AM Kindly discuss with Niteen for more details

Hide

Permalink

Kunal Kedari (Inactive) added a comment - 20/Jul/16 05:54 AM

Hi Niteen Surwase,

We have verified the mentioned change on local (wt-stage), we inspected the mentioned pages and check whether internal IP is displaying anywhere. After fix internal IP address is not displaying anywhere. Along with this we have also perform sanity testing for mentioned pages as well, no issue found during sanity. We can deploy the change to Stage.

Show

Kunal Kedari (Inactive) added a comment - 20/Jul/16 05:54 AM Hi Niteen Surwase , We have verified the mentioned change on local (wt-stage), we inspected the mentioned pages and check whether internal IP is displaying anywhere. After fix internal IP address is not displaying anywhere. Along with this we have also perform sanity testing for mentioned pages as well, no issue found during sanity. We can deploy the change to Stage.

People

Assignee:: Kunal Kedari (Inactive)

Reporter:: Samir

Developer:: Niteen Surwase (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 6 Start watching this issue

Dates

Created:: 23/Mar/16 11:32 AM

Updated:: 15/Dec/20 02:40 AM

Resolved:: 07/Jul/16 10:07 AM