[ST-250] Insecure direct Object Reference: Confirmation statement - Workterra Jira

Details

Type: Bug
Status: Closed
Priority: Medium
Resolution: Done
Component/s: BenAdmin
Labels:
None

Module:
BenAdmin - Security
Reported by:
Support
Item State:
Production Complete - Closed
Issue Importance:
Must Have

Description

URL:
https://wt-stage.harbinger.in/Assets/Temp/d4b28f08-dfb5-4923-850c-c53bac2383f6.pdf

Description:
login with employee credentials and in confirmation statement there is
Option to export pdf. This link can be directly accessed and viewed from different machines without Credentials.

Resolution:
Restrict all post login pages from getting accessed directly.
Authorization of the user specific resource must be implemented and publicly they should not be accessible

Attachments

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

Attachments

07_18_2016_15_39_20_921_3864_2.txt
0.1 kB
18/Jul/16 10:10 AM

Activity

People

Assignee:: Sachin Hingole (Inactive)

Reporter:: Vijayendra Shinde (Inactive)

Developer:: Kumar Chhajed (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 13/Jul/16 07:22 AM

Updated:: 01/Aug/16 06:26 PM

Resolved:: 01/Aug/16 06:26 PM

Pre-Prod Due Date:: 25/Jul/2016

Production Due Date:: 26/Jul/2016