Project SimpleProject Type: software

Project Simple

Uploaded image for project: 'Project Simple'
  1. Project Simple
  2. ST-91

Old password not required to change email. Old password should be mandatory.

    Details

    • Type: Enhancement
    • Status: Closed
    • Priority: Medium
    • Resolution: Done
    • Component/s: BenAdmin
    • Labels:
    • Module:
      BenAdmin - Security
    • Reported by:
      Support
    • Item State:
      Production Complete - Closed

      Description

      Praetorian discovered this vulnerability while examining the application’s user account management features. This feature does not require a user's current password to update their email address. This is shown in the figure below.

      Ideally on Partner/Broker or company admin page, we should not able to update any field without asking old password. This password should not be sent to client side for verification.

        Attachments

          Issue Links

          relates to

          Change Request - Change Request WT-1981 Localization for password authentication

          • Medium - Has the potential to affect progress.
          • Closed

            Activity

            Transition Time In Source Status Execution Times
            Niteen Surwase (Inactive) made transition -
            New Request Pending for Approval
            		7d 23h 43m 1
            Niteen Surwase (Inactive) made transition -
            Pending for Approval Approved for Development
            		5s 1
            Niteen Surwase (Inactive) made transition -
            Approved for Development In Development
            		3s 1
            Niteen Surwase (Inactive) made transition -
            In Development In LB Testing
            		1h 8m 1
            Zeeshan Chishty (Inactive) made transition -
            In LB Testing Pending for Stage Approval
            		33d 1h 21m 1
            Niteen Surwase (Inactive) made transition -
            Pending for Stage Approval Approved for Stage
            		44d 17h 54m 1
            Zeeshan Chishty (Inactive) made transition -
            Approved for Stage Stage Testing
            		23h 26m 1
            Zeeshan Chishty (Inactive) made transition -
            Stage Testing Pending for Production Approval
            		4s 1
            Niteen Surwase (Inactive) made transition -
            Pending for Production Approval Approved for production
            		4d 6h 15m 1
            Rakesh Roy (Inactive) made transition -
            Approved for production In Production Testing
            		23m 27s 1
            Kunal Kedari (Inactive) made transition -
            In Production Testing Production Complete
            		12d 15h 37m 1
            Kunal Kedari (Inactive) made transition -
            Production Complete Closed
            		43s 1

              People

              Assignee:
              kunal.kedari Kunal Kedari (Inactive)
              Reporter:
              vijayendra Vijayendra Shinde (Inactive)
              Developer:
              Niteen Surwase (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: