  1. Project Simple
  2. ST-91

Old password not required to change email. Old password should be mandatory.

    Details

    • Type: Enhancement
    • Status: Closed
    • Priority: Medium
    • Resolution: Done
    • Component/s: BenAdmin
    • Labels:
    • Module:
      BenAdmin - Security
    • Reported by:
      Support
    • Item State:
      Production Complete - Closed

      Description

      Praetorian discovered this vulnerability while examining the application’s user account management features. This feature does not require a user's current password to update their email address. This is shown in the figure below.

      Ideally, on the Partner/Broker or company admin page, we should not be able to update any field without being asked for the old password. This password should not be sent to the client side for verification.
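      The requirement above as an added sketch, not code from this ticket or from the BenAdmin application: the server re-authenticates the logged-in user against the stored password hash before applying the e-mail change, and nothing password-derived is returned to the client. The account store, field names, error strings, PBKDF2 work factor and attempt limit are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 200_000  # assumed work factor for this sketch
MAX_FAILURES = 5         # assumed cap on wrong-password attempts per account


def derive_key(password: str, salt: bytes) -> bytes:
    """Derive the stored verifier from a password (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


def new_account(email: str, password: str) -> dict:
    """Build a server-side account record; only the salted hash is kept."""
    salt = os.urandom(16)
    return {"email": email, "salt": salt,
            "pw_hash": derive_key(password, salt), "failures": 0}


def change_email(accounts: dict, session_user: str,
                 current_password: str, new_email: str) -> dict:
    """Apply an e-mail change only after server-side re-authentication.

    The account comes from the server-side session (session_user), never
    from a request field, and the reply carries no hash or salt.
    """
    account = accounts.get(session_user)
    if account is None:
        return {"ok": False, "error": "not_authenticated"}
    if account["failures"] >= MAX_FAILURES:
        # Stops the form from being used as a password-guessing oracle.
        return {"ok": False, "error": "reauth_locked"}
    if not current_password:
        return {"ok": False, "error": "current_password_required"}
    candidate = derive_key(current_password, account["salt"])
    # Constant-time comparison, done on the server only.
    if not hmac.compare_digest(candidate, account["pw_hash"]):
        account["failures"] += 1
        return {"ok": False, "error": "current_password_incorrect"}
    account["failures"] = 0
    account["email"] = new_email
    return {"ok": True, "email": new_email}


# Constructed sample data, not taken from the ticket.
ACCOUNTS = {"broker1": new_account("old@example.test", "correct horse")}
```

      The same gate applies to any other sensitive field on the admin page; only the final assignment changes.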

            Activity

            vijayendra Vijayendra Shinde (Inactive) created issue -
            vijayendra Vijayendra Shinde (Inactive) made changes -
            Field Original Value New Value
            Assignee Niteen Surwase [ niteen.surwase ]
            niteen.surwase Niteen Surwase (Inactive) made changes -
            Summary Current password not required to change email Old password not required to change email. It should mandatory.
            vijayendra Vijayendra Shinde (Inactive) made changes -
            Summary Old password not required to change email. It should mandatory. Old password not required to change email. Old password should be mandatory.
            niteen.surwase Niteen Surwase (Inactive) made changes -
            Status New Request [ 10029 ] Pending for Approval [ 10002 ]
            niteen.surwase Niteen Surwase (Inactive) made changes -
            Status Pending for Approval [ 10002 ] Approved for Development [ 10003 ]
            niteen.surwase Niteen Surwase (Inactive) made changes -
            Status Approved for Development [ 10003 ] In Development [ 10007 ]
            niteen.surwase Niteen Surwase (Inactive) made changes -
            Assignee Niteen Surwase [ niteen.surwase ] Amit Gude [ amitg ]
            niteen.surwase Niteen Surwase (Inactive) made changes -
            Attachment Status of Pwd Auth.xls [ 14400 ]
            niteen.surwase Niteen Surwase (Inactive) made changes -
            Status In Development [ 10007 ] Local Testing [ 10200 ]
            amitg Amit Gude (Inactive) made changes -
            Assignee Amit Gude [ amitg ] Zeeshan Chishty [ zeeshan.chishty ]
            Zeeshan.Chishty Zeeshan Chishty (Inactive) made changes -
            Status Local Testing [ 10200 ] Pending for Stage Approval [ 10300 ]
            Zeeshan.Chishty Zeeshan Chishty (Inactive) made changes -
            Assignee Zeeshan Chishty [ zeeshan.chishty ] Niteen Surwase [ niteen.surwase ]
            Zeeshan.Chishty Zeeshan Chishty (Inactive) made changes -
            Labels Security
            niteen.surwase Niteen Surwase (Inactive) made changes -
            Item State Parent values: Development(10200)Level 1 values: In Progress(10206) Parent values: LB QA(10201)Level 1 values: Ready for Stage(10213)
            niteen.surwase Niteen Surwase (Inactive) made changes -
            Item State Parent values: LB QA(10201)Level 1 values: Ready for Stage(10213) Parent values: Development(10200)
            niteen.surwase Niteen Surwase (Inactive) made changes -
            Item State Parent values: Development(10200) Parent values: LB QA(10201)Level 1 values: Ready for Stage(10213)
            niteen.surwase Niteen Surwase (Inactive) made changes -
            Status Pending for Stage Approval [ 10300 ] Approved for Stage [ 10030 ]
            niteen.surwase Niteen Surwase (Inactive) made changes -
            Item State Parent values: LB QA(10201)Level 1 values: Ready for Stage(10213) Parent values: Stage QA(10202)Level 1 values: Stage Deployed(11602)
            niteen.surwase Niteen Surwase (Inactive) made changes -
            Assignee Niteen Surwase [ niteen.surwase ] Zeeshan Chishty [ zeeshan.chishty ]
            Zeeshan.Chishty Zeeshan Chishty (Inactive) made changes -
            Item State Parent values: Stage QA(10202)Level 1 values: Stage Deployed(11602) Parent values: Stage QA(10202)Level 1 values: Ready for Production(10217)
            Zeeshan.Chishty Zeeshan Chishty (Inactive) made changes -
            Status Approved for Stage [ 10030 ] Stage Testing [ 10201 ]
            Zeeshan.Chishty Zeeshan Chishty (Inactive) made changes -
            Status Stage Testing [ 10201 ] Pending for Production Approval [ 10301 ]
            Zeeshan.Chishty Zeeshan Chishty (Inactive) made changes -
            Assignee Zeeshan Chishty [ zeeshan.chishty ] Vijayendra Shinde [ ID10506 ]
            niteen.surwase Niteen Surwase (Inactive) made changes -
            Developer Niteen Surwase [ niteen.surwase ]
            niteen.surwase Niteen Surwase (Inactive) made changes -
            Assignee Vijayendra Shinde [ ID10506 ] Zeeshan Chishty [ zeeshan.chishty ]
            niteen.surwase Niteen Surwase (Inactive) made changes -
            Item State Parent values: Stage QA(10202)Level 1 values: Ready for Production(10217) Parent values: Production QA(10203)Level 1 values: Production Deployed(10221)
            niteen.surwase Niteen Surwase (Inactive) made changes -
            Status Pending for Production Approval [ 10301 ] Approved for production [ 10034 ]
            niteen.surwase Niteen Surwase (Inactive) made changes -
            Assignee Zeeshan Chishty [ zeeshan.chishty ] Rakesh Roy [ rakeshr ]
            rakeshr Rakesh Roy (Inactive) made changes -
            Assignee Rakesh Roy [ rakeshr ] Zeeshan Chishty [ zeeshan.chishty ]
            rakeshr Rakesh Roy (Inactive) made changes -
            Status Approved for production [ 10034 ] Production Testing [ 10202 ]
            Zeeshan.Chishty Zeeshan Chishty (Inactive) made changes -
            Assignee Zeeshan Chishty [ zeeshan.chishty ] Deepali Tidke [ deepalit ]
            deepalit Deepali Tidke (Inactive) made changes -
            Assignee Deepali Tidke [ deepalit ] Kunal Kedari [ kunal.kedari ]
            niteen.surwase Niteen Surwase (Inactive) made changes -
            Link This issue relates to WT-1981 [ WT-1981 ]
            kunal.kedari Kunal Kedari (Inactive) made changes -
            Resolution Fixed [ 1 ]
            Status Production Testing [ 10202 ] Production Complete [ 10028 ]
            kunal.kedari Kunal Kedari (Inactive) made changes -
            Item State Parent values: Production QA(10203)Level 1 values: Production Deployed(10221) Parent values: Production QA(10203)Level 1 values: In Testing(10218)
            kunal.kedari Kunal Kedari (Inactive) made changes -
            Item State Parent values: Production QA(10203)Level 1 values: In Testing(10218) Parent values: Production Complete(10222)Level 1 values: Closed(10223)
            kunal.kedari Kunal Kedari (Inactive) made changes -
            Status Production Complete [ 10028 ] Closed [ 6 ]
            kunal.kedari Kunal Kedari (Inactive) made changes -

              People

              Assignee:
              kunal.kedari Kunal Kedari (Inactive)
              Reporter:
              vijayendra Vijayendra Shinde (Inactive)
              Developer:
              Niteen Surwase (Inactive)
              Votes:
              0
              Watchers:
              6
