  1. Project Simple
  2. ST-231

Information Disclosure in Session ID name

    Details

    • Type: Enhancement
    • Status: Closed
    • Priority: Medium
    • Resolution: Done
    • Component/s: BenAdmin
    • Labels:
      None
    • Module:
      BenAdmin - Security
    • Reported by:
      Support
    • Item State:
      Production Complete - Closed
    • Issue Importance:
      Good To Have

      Description

      "Name of Session ID is 'ASP.NET Session ID'. This reveals the
      development technology used."

      Please rename the Session ID cookie name

          Activity

          vijayendra Vijayendra Shinde (Inactive) created issue -
          vijayendra Vijayendra Shinde (Inactive) made changes -
          Field Original Value New Value
          Status New Request [ 10029 ] Pending for Approval [ 10002 ]
          vijayendra Vijayendra Shinde (Inactive) made changes -
          Status Pending for Approval [ 10002 ] Approved for Development [ 10003 ]
          vijayendra Vijayendra Shinde (Inactive) made changes -
          Status Approved for Development [ 10003 ] In Development [ 10007 ]
          vijayendra Vijayendra Shinde (Inactive) made changes -
          Assignee Vijayendra Shinde [ ID10506 ]
          vijayendra Vijayendra Shinde (Inactive) made changes -
          Item State Parent values: Development(10200)Level 1 values: In Progress(10206) Parent values: Development(10200)Level 1 values: Ready for Local Testing(10209)
          vijayendra Vijayendra Shinde (Inactive) added a comment -

          Affected files: outer web.config

          Path: trunk\WORKTERRAweb\Web\Web Projects\Web.Config

          Added cookieName="WTCookie" attribute in SessionState.

          vijayendra Vijayendra Shinde (Inactive) made changes -
          Assignee Vijayendra Shinde [ ID10506 ] Zeeshan Chishty [ zeeshan.chishty ]
          vijayendra Vijayendra Shinde (Inactive) made changes -
          Item State Parent values: Development(10200)Level 1 values: Ready for Local Testing(10209) Parent values: LB QA(10201)Level 1 values: LB Deployed(11600)
          Zeeshan.Chishty Zeeshan Chishty (Inactive) added a comment -

          Confirmed that Session ID name is changed to WTCookie and does not reveal any technology related information.

          Zeeshan.Chishty Zeeshan Chishty (Inactive) made changes -
          Assignee Zeeshan Chishty [ zeeshan.chishty ] Deepali Tidke [ deepalit ]
          deepalit Deepali Tidke (Inactive) added a comment -

          Zeeshan Chishty no functional testing is involved in this ticket, if you are done with your testing kindly close.

          deepalit Deepali Tidke (Inactive) made changes -
          Assignee Deepali Tidke [ deepalit ] Zeeshan Chishty [ zeeshan.chishty ]
          Zeeshan.Chishty Zeeshan Chishty (Inactive) made changes -
          Item State Parent values: LB QA(10201)Level 1 values: LB Deployed(11600) Parent values: LB QA(10201)Level 1 values: Ready for Stage(10213)
          rakeshr Rakesh Roy (Inactive) made changes -
          Developer Vijayendra Shinde [ ID10506 ]
          vijayendra Vijayendra Shinde (Inactive) made changes -
          Status In Development [ 10007 ] Local Testing [ 10200 ]
          vijayendra Vijayendra Shinde (Inactive) made changes -
          Status Local Testing [ 10200 ] Pending for Stage Approval [ 10300 ]
          vijayendra Vijayendra Shinde (Inactive) made changes -
          Status Pending for Stage Approval [ 10300 ] Approved for Stage [ 10030 ]
          Zeeshan.Chishty Zeeshan Chishty (Inactive) made changes -
          Assignee Zeeshan Chishty [ zeeshan.chishty ] Vijayendra Shinde [ ID10506 ]
          vijayendra Vijayendra Shinde (Inactive) made changes -
          Item State Parent values: LB QA(10201)Level 1 values: Ready for Stage(10213) Parent values: Stage QA(10202)Level 1 values: Stage Deployed(11602)
          vijayendra Vijayendra Shinde (Inactive) made changes -
          Assignee Vijayendra Shinde [ ID10506 ] Deepali Tidke [ deepalit ]
          deepalit Deepali Tidke (Inactive) added a comment -

          Vijayendra Shinde here we are not sure which functionality exactly needs to be verified, please update accordingly as changes are done in the config file.

          vijayendra Vijayendra Shinde (Inactive) added a comment -

          Hi Deepali,

          Please follow the steps below to test this:

          1. Log in to production with Chrome
          2. Press F12
          3. Refresh site page after login
          4. Go to Resources menu from window opened after F12
          5. Go to Cookies
          6. Search for WTCookie

          We have changed cookie name from ASP.NET_SessionId to WTCookie

          Let me know if you need more details on this.

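The manual check in the steps above can be automated. The following is an added example, not part of the ticket or the project's code: it reads the session cookie name a web.config produces and flags response cookies that still carry a framework default name, and it goes slightly beyond the ticket by also flagging two other well-known defaults. The function names, the web.config fragments and the Set-Cookie values are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ASPNET_DEFAULT = "ASP.NET_SessionId"  # name ASP.NET uses when cookieName is not set
# Default session cookie names and the technology each one reveals.
FRAMEWORK_DEFAULTS = {"asp.net_sessionid": "ASP.NET", "phpsessid": "PHP",
                      "jsessionid": "Java servlet container"}

# Constructed samples: session-state config before and after the change.
WEB_CONFIG_BEFORE = """<configuration><system.web>
  <sessionState mode="InProc" timeout="20" />
</system.web></configuration>"""
WEB_CONFIG_AFTER = """<configuration><system.web>
  <sessionState mode="InProc" timeout="20" cookieName="WTCookie" />
</system.web></configuration>"""

def configured_cookie_name(web_config_xml):
    """Return the session cookie name this web.config results in."""
    root = ET.fromstring(web_config_xml)
    # iter() also finds <sessionState> nested under a <location> element.
    node = next(root.iter("sessionState"), None)
    if node is None:
        return ASPNET_DEFAULT
    return node.get("cookieName") or ASPNET_DEFAULT

def cookie_names(set_cookie_values):
    """Extract cookie names from raw Set-Cookie header values."""
    names = []
    for value in set_cookie_values:
        name, sep, _ = value.split(";", 1)[0].partition("=")
        if sep and name.strip():
            names.append(name.strip())
    return names

def disclosing_cookies(names):
    """Map each cookie name that is a framework default to what it reveals."""
    return {n: FRAMEWORK_DEFAULTS[n.lower()]
            for n in names if n.lower() in FRAMEWORK_DEFAULTS}

if __name__ == "__main__":
    # Constructed response headers, as seen before and after deployment.
    before = ["ASP.NET_SessionId=placeholder; path=/; HttpOnly"]
    after = ["WTCookie=placeholder; path=/; HttpOnly"]
    for label, headers in (("before", before), ("after", after)):
        print(label, disclosing_cookies(cookie_names(headers)) or "no default names")
```

Running the config check in the build and the header check against each environment covers the local, stage and production verifications this ticket performed by hand.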
          deepalit Deepali Tidke (Inactive) added a comment -

          As per the above instructions, checked the cookie name on stage. Cookie name can be seen as WTCookie.

          deepalit Deepali Tidke (Inactive) made changes -
          Item State Parent values: Stage QA(10202)Level 1 values: Stage Deployed(11602) Parent values: Stage QA(10202)Level 1 values: Ready for Production(10217)
          deepalit Deepali Tidke (Inactive) made changes -
          Status Approved for Stage [ 10030 ] Stage Testing [ 10201 ]
          deepalit Deepali Tidke (Inactive) made changes -
          Production Due Date 19/Jul/2016
          deepalit Deepali Tidke (Inactive) made changes -
          Stage Due Date 14/Jul/16 [ 2016-07-14 ]
          ashwin.wankhede Ashwin Wankhede (Inactive) made changes -
          Item State Parent values: Stage QA(10202)Level 1 values: Ready for Production(10217) Parent values: Production QA(10203)Level 1 values: Production Deployed(10221)
          deepalit Deepali Tidke (Inactive) added a comment -

          As per the above instructions, checked the cookie name on production. Cookie name can be seen as WTCookie.

          deepalit Deepali Tidke (Inactive) made changes -
          Item State Parent values: Production QA(10203)Level 1 values: Production Deployed(10221) Parent values: Production Complete(10222)Level 1 values: Closed(10223)
          deepalit Deepali Tidke (Inactive) made changes -
          Status Stage Testing [ 10201 ] Pending for Production Approval [ 10301 ]
          deepalit Deepali Tidke (Inactive) made changes -
          Status Pending for Production Approval [ 10301 ] Approved for production [ 10034 ]
          deepalit Deepali Tidke (Inactive) made changes -
          Status Approved for production [ 10034 ] Production Testing [ 10202 ]
          deepalit Deepali Tidke (Inactive) made changes -
          Resolution Fixed [ 1 ]
          Status Production Testing [ 10202 ] Production Complete [ 10028 ]
          deepalit Deepali Tidke (Inactive) made changes -
          Status Production Complete [ 10028 ] Closed [ 6 ]
          Transition | Time In Source Status | Execution Times
          Vijayendra Shinde (Inactive): New Request -> Pending for Approval | 6m 32s | 1
          Vijayendra Shinde (Inactive): Pending for Approval -> Approved for Development | 4s | 1
          Vijayendra Shinde (Inactive): Approved for Development -> In Development | 1s | 1
          Vijayendra Shinde (Inactive): In Development -> In LB Testing | 10d 20h 27m | 1
          Vijayendra Shinde (Inactive): In LB Testing -> Pending for Stage Approval | 4m 31s | 1
          Vijayendra Shinde (Inactive): Pending for Stage Approval -> Approved for Stage | 2s | 1
          Deepali Tidke (Inactive): Approved for Stage -> Stage Testing | 9d 23h 20m | 1
          Deepali Tidke (Inactive): Stage Testing -> Pending for Production Approval | 8d 1h 12m | 1
          Deepali Tidke (Inactive): Pending for Production Approval -> Approved for production | 3s | 1
          Deepali Tidke (Inactive): Approved for production -> In Production Testing | 2s | 1
          Deepali Tidke (Inactive): In Production Testing -> Production Complete | 4s | 1
          Deepali Tidke (Inactive): Production Complete -> Closed | 3s | 1

            People

            Assignee:
            deepalit Deepali Tidke (Inactive)
            Reporter:
            vijayendra Vijayendra Shinde (Inactive)
            Developer:
            Vijayendra Shinde (Inactive)
            Votes:
            0
            Watchers:
            3

              Dates

              Created:
              Updated:
              Resolved:
              Pre-Prod Due Date:
              Production Due Date: