  1. Project Simple
  2. ST-250

Insecure Direct Object Reference: Confirmation statement

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Medium
    • Resolution: Done
    • Component/s: BenAdmin
    • Labels:
      None
    • Module:
      BenAdmin - Security
    • Reported by:
      Support
    • Item State:
      Production Complete - Closed
    • Issue Importance:
      Must Have

      Description

      URL:
      https://wt-stage.harbinger.in/Assets/Temp/d4b28f08-dfb5-4923-850c-c53bac2383f6.pdf

      Description:
      Log in with employee credentials; in the confirmation statement there is an
      option to export a PDF. This link can be directly accessed and viewed from different machines without credentials.

      Resolution:
      Restrict all post-login pages from being accessed directly.
      Authorization of user-specific resources must be implemented, and they should not be publicly accessible.
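
The authorization check the Resolution asks for, as an added example that is not code from this ticket or from the BenAdmin application. It assumes exports are kept outside the web root and served through a handler; `ExportStore`, the `/exports/<export_id>` route and the employee ids are hypothetical names.

```python
import time
import uuid


class ExportStore:
    """Generated PDFs live outside the web root and are indexed by owner."""

    def __init__(self, ttl_seconds=300):
        self.ttl = ttl_seconds
        self._files = {}  # export_id -> (owner_id, expires_at, pdf_bytes)

    def save(self, owner_id, pdf_bytes, now=None):
        """Store an export for one user and return its random identifier."""
        now = time.time() if now is None else now
        export_id = str(uuid.uuid4())
        self._files[export_id] = (owner_id, now + self.ttl, pdf_bytes)
        return export_id

    def download(self, session_user, export_id, now=None):
        """Return (http_status, body) for GET /exports/<export_id> (hypothetical route)."""
        now = time.time() if now is None else now
        if session_user is None:
            return 401, b""                  # no authenticated session
        try:
            key = str(uuid.UUID(export_id))  # rejects anything that is not a UUID
        except (ValueError, AttributeError, TypeError):
            return 404, b""
        record = self._files.get(key)
        if record is None:
            return 404, b""
        owner_id, expires_at, pdf_bytes = record
        if now >= expires_at:
            del self._files[key]             # temporary export has expired
            return 404, b""
        if owner_id != session_user:
            return 404, b""                  # same answer as "missing": no existence oracle
        return 200, pdf_bytes


if __name__ == "__main__":
    # Constructed sample data, not taken from the ticket.
    store = ExportStore()
    eid = store.save("emp-1001", b"%PDF-1.4 constructed sample")
    print(store.download(None, eid)[0])        # request without a session
    print(store.download("emp-2002", eid)[0])  # another employee's session
    print(store.download("emp-1001", eid)[0])  # the owner
```

An unguessable GUID in the file name is not access control: the link still works for anyone who obtains it, so the ownership check has to run on every request.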

        Attachments

          Activity

          vijayendra Vijayendra Shinde (Inactive) created issue -
          vijayendra Vijayendra Shinde (Inactive) made changes -
          Field Original Value New Value
          Assignee Vijayendra Shinde [ ID10506 ]
          vijayendra Vijayendra Shinde (Inactive) made changes -
          Status Open [ 1 ] In Development [ 10007 ]
          vijayendra Vijayendra Shinde (Inactive) made changes -
          Item State Parent values: Development(10200)Level 1 values: In Progress(10206) Parent values: Development(10200)Level 1 values: Ready for Local Testing(10209)
          gokul.sonawane Gokul Sonawane (Inactive) made changes -
          Item State Parent values: Development(10200)Level 1 values: Ready for Local Testing(10209) Parent values: LB QA(10201)
          vijayendra Vijayendra Shinde (Inactive) made changes -
          Assignee Vijayendra Shinde [ ID10506 ] Deepali Tidke [ deepalit ]
          vijayendra Vijayendra Shinde (Inactive) made changes -
          Item State Parent values: LB QA(10201) Parent values: LB QA(10201)Level 1 values: LB Deployed(11600)
          deepalit Deepali Tidke (Inactive) made changes -
          Status In Development [ 10007 ] Local Testing [ 10200 ]
          sachin.hingole Sachin Hingole (Inactive) made changes -
          Status Local Testing [ 10200 ] Reopen in Local [ 10018 ]
          sachin.hingole Sachin Hingole (Inactive) made changes -
          Item State Parent values: LB QA(10201)Level 1 values: LB Deployed(11600) Parent values: Development(10200)
          sachin.hingole Sachin Hingole (Inactive) made changes -
          Attachment 07_18_2016_15_39_20_921_3864_2.txt [ 22103 ]
          sachin.hingole Sachin Hingole (Inactive) made changes -
          Assignee Deepali Tidke [ deepalit ] Vijayendra Shinde [ ID10506 ]
          kumar.chhajed Kumar Chhajed (Inactive) made changes -
          Status Reopen in Local [ 10018 ] In Development [ 10007 ]
          kumar.chhajed Kumar Chhajed (Inactive) made changes -
          Item State Parent values: Development(10200) Parent values: Development(10200)Level 1 values: Ready for Local Testing(10209)
          kumar.chhajed Kumar Chhajed (Inactive) made changes -
          Assignee Vijayendra Shinde [ ID10506 ] Kumar Chhajed [ kumar.chhajed ]
          gokul.sonawane Gokul Sonawane (Inactive) made changes -
          Item State Parent values: Development(10200)Level 1 values: Ready for Local Testing(10209) Parent values: LB QA(10201)Level 1 values: LB Deployed(11600)
          kumar.chhajed Kumar Chhajed (Inactive) made changes -
          Assignee Kumar Chhajed [ kumar.chhajed ] Sachin Hingole [ sachin.hingole ]
          kumar.chhajed Kumar Chhajed (Inactive) made changes -
          Status In Development [ 10007 ] Local Testing [ 10200 ]
          sachin.hingole Sachin Hingole (Inactive) made changes -
          Item State Parent values: LB QA(10201)Level 1 values: LB Deployed(11600) Parent values: LB QA(10201)Level 1 values: In Testing(10210)
          sachin.hingole Sachin Hingole (Inactive) made changes -
          Status Local Testing [ 10200 ] Reopen in Local [ 10018 ]
          sachin.hingole Sachin Hingole (Inactive) made changes -
          Status Reopen in Local [ 10018 ] In Development [ 10007 ]
          sachin.hingole Sachin Hingole (Inactive) made changes -
          Status In Development [ 10007 ] Local Testing [ 10200 ]
          sachin.hingole Sachin Hingole (Inactive) made changes -
          Item State Parent values: LB QA(10201)Level 1 values: In Testing(10210) Parent values: LB QA(10201)Level 1 values: Ready for Stage(10213)
          sachin.hingole Sachin Hingole (Inactive) made changes -
          Stage Due Date 25/Jul/16 [ 2016-07-25 ]
          deepalit Deepali Tidke (Inactive) made changes -
          Production Due Date 26/Jul/2016
          deepalit Deepali Tidke (Inactive) made changes -
          Item State Parent values: LB QA(10201)Level 1 values: Ready for Stage(10213) Parent values: Stage QA(10202)Level 1 values: Ready for Production(10217)
          deepalit Deepali Tidke (Inactive) made changes -
          Status Local Testing [ 10200 ] Stage Testing [ 10201 ]
          deepalit Deepali Tidke (Inactive) made changes -
          Status Stage Testing [ 10201 ] Production Testing [ 10202 ]
          rakeshr Rakesh Roy (Inactive) made changes -
          Developer Kumar Chhajed [ kumar.chhajed ]
          ashwin.wankhede Ashwin Wankhede (Inactive) made changes -
          Item State Parent values: Stage QA(10202)Level 1 values: Ready for Production(10217) Parent values: Production QA(10203)Level 1 values: Production Deployed(10221)
          kumar.chhajed Kumar Chhajed (Inactive) made changes -
          Item State Parent values: Production QA(10203)Level 1 values: Production Deployed(10221) Parent values: Stage QA(10202)Level 1 values: Ready for Production(10217)
          sachin.hingole Sachin Hingole (Inactive) made changes -
          Item State Parent values: Stage QA(10202)Level 1 values: Ready for Production(10217) Parent values: Production QA(10203)Level 1 values: In Testing(10218)
          rakeshr Rakesh Roy (Inactive) made changes -
          Resolution Fixed [ 1 ]
          Status Production Testing [ 10202 ] Production Complete [ 10028 ]
          rakeshr Rakesh Roy (Inactive) made changes -
          Item State Parent values: Production QA(10203)Level 1 values: In Testing(10218) Parent values: Production Complete(10222)Level 1 values: Closed(10223)
          rakeshr Rakesh Roy (Inactive) made changes -
          Status Production Complete [ 10028 ] Closed [ 6 ]

            People

            Assignee:
            sachin.hingole Sachin Hingole (Inactive)
            Reporter:
            vijayendra Vijayendra Shinde (Inactive)
            Developer:
            Kumar Chhajed (Inactive)
            Votes:
            0
            Watchers:
            5

              Dates

              Created:
              Updated:
              Resolved:
              Pre-Prod Due Date:
              Production Due Date: