Project Simple - ST-250

Insecure Direct Object Reference: Confirmation statement

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Medium
    • Resolution: Done
    • Component/s: BenAdmin
    • Labels:
      None
    • Module:
      BenAdmin - Security
    • Reported by:
      Support
    • Item State:
      Production Complete - Closed
    • Issue Importance:
      Must Have

      Description

      URL:
      https://wt-stage.harbinger.in/Assets/Temp/d4b28f08-dfb5-4923-850c-c53bac2383f6.pdf

      Description:
Log in with employee credentials; the confirmation statement page offers an option to export a PDF.
The generated link can be accessed and viewed directly from other machines without credentials.

      Resolution:
Restrict all post-login pages from being accessed directly.
Authorization for user-specific resources must be implemented; they must not be publicly accessible.
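The resolution above asks for two things: the exported statement must not be reachable as a plain static file, and a download must be authorized against the user it belongs to. The code below is an added example, not code from the ST-250 ticket or the BenAdmin application, that shows both handlers side by side: the first mirrors the reported behaviour (anyone holding the file name gets the file), the second requires a session and checks the statement's owner before streaming it from a directory the web server does not publish. The `ReportStore`, `Session`, the `employee`/`admin` roles and the sample statement bytes are constructed for this example; the real application's storage and session model are not described on the page.

```python
"""Authorization check for per-user statement downloads (constructed example)."""
import os
import secrets
import tempfile
from dataclasses import dataclass


@dataclass(frozen=True)
class Report:
    token: str      # random, unguessable file name (like the GUID in the ticket's URL)
    owner_id: str   # employee the confirmation statement belongs to
    path: str       # absolute path under a directory the web server does not serve


@dataclass(frozen=True)
class Session:
    user_id: str
    role: str       # assumed roles for this example: "employee" or "admin"


class AuthError(Exception):
    """Carries the HTTP-style status the handler would answer with (401 or 404)."""

    def __init__(self, status):
        super().__init__(status)
        self.status = status


class ReportStore:
    """Writes generated statements into a private directory and records their owner."""

    def __init__(self, private_dir):
        self.private_dir = private_dir
        self._by_token = {}

    def create(self, owner_id, pdf_bytes):
        token = secrets.token_urlsafe(32)  # URL-safe, so usable as a file name
        path = os.path.join(self.private_dir, token + ".pdf")
        with open(path, "wb") as fh:
            fh.write(pdf_bytes)
        report = Report(token, owner_id, path)
        self._by_token[token] = report
        return report

    def lookup(self, token):
        return self._by_token.get(token)


def serve_from_public_temp(store, token):
    """Pattern reported in the ticket: no session, no owner check.

    Whoever knows (or is forwarded) the URL receives the file."""
    report = store.lookup(token)
    if report is None:
        raise AuthError(404)
    with open(report.path, "rb") as fh:
        return fh.read()


def serve_report(store, session, token):
    """Hardened handler: authenticate first, then authorize against the owner."""
    if session is None:
        raise AuthError(401)
    report = store.lookup(token)
    # Answer 404 both when the token is unknown and when it belongs to someone
    # else, so the response does not reveal which tokens exist.
    if report is None:
        raise AuthError(404)
    if session.role != "admin" and report.owner_id != session.user_id:
        raise AuthError(404)
    with open(report.path, "rb") as fh:
        return fh.read()


def attempt(handler, *args):
    """Return the HTTP-style status a handler produces for the given call."""
    try:
        handler(*args)
        return 200
    except AuthError as exc:
        return exc.status


def build_demo_store():
    """Create a private directory with one constructed statement owned by emp-1001."""
    private_dir = tempfile.mkdtemp(prefix="statements-")
    store = ReportStore(private_dir)
    report = store.create("emp-1001", b"%PDF-1.4 constructed sample statement")
    return store, report


if __name__ == "__main__":
    store, report = build_demo_store()
    print("public temp path, no session:", attempt(serve_from_public_temp, store, report.token))
    print("hardened, no session:", attempt(serve_report, store, None, report.token))
    print("hardened, owner:", attempt(serve_report, store, Session("emp-1001", "employee"), report.token))
    print("hardened, other employee:", attempt(serve_report, store, Session("emp-2002", "employee"), report.token))
    print("hardened, admin:", attempt(serve_report, store, Session("adm-1", "admin"), report.token))
```

Keeping the file outside the web root is what makes the check enforceable: if `/Assets/Temp/` stays directly served, the authorization in `serve_report` can be bypassed by requesting the static path, which is exactly the report's finding. The random token is still worth keeping, but only as a lookup key, not as the access control.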


          Activity

          sachin.hingole Sachin Hingole (Inactive) added a comment -

          PCORI is downloaded without issue for Partner Login and Admin Login.

Deepali Tidke Please verify the confirmation statement report using all logins.

deepalit Deepali Tidke (Inactive) added a comment - edited

          Checked the Confirmation statement from EE, partner and admin level >> now on click of PDF for confirmation statement >> statement downloads.

          kumar.chhajed Kumar Chhajed (Inactive) added a comment -

          Vijayendra Shinde Deepali Tidke Sachin Hingole

          Note - The point deployed under this JIRA on Production is only for the issue of PCORI download for Admin login. Other points will get deployed after production build.

          sachin.hingole Sachin Hingole (Inactive) added a comment -

          PCORI is downloaded without issue for Partner Login and Admin Login.

Deepali Tidke Please verify the confirmation statement report using all logins and close this JIRA.

          rakeshr Rakesh Roy (Inactive) added a comment -

          Working fine for confirmation statement.


            People

            Assignee:
            sachin.hingole Sachin Hingole (Inactive)
            Reporter:
            vijayendra Vijayendra Shinde (Inactive)
            Developer:
            Kumar Chhajed (Inactive)
Votes:
0
Watchers:
5

              Dates

              Created:
              Updated:
              Resolved:
              Pre-Prod Due Date:
              Production Due Date: