Uploaded image for project: 'WORKTERRA'
  1. WORKTERRA
  2. WT-12126

Production | Firefox | Change password | Admin Login | UserId is populating with Security question answer

    Details

    • Type: Bug
    • Status: Resolution Setting
    • Priority: Medium
    • Resolution: Done
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: BenAdmin
    • Labels:
      None
    • Environment:
      Production
    • Bug Type:
      Functional
    • Bug Severity:
      Medium
    • Level:
      Admin
    • Module:
      BenAdmin - Security
    • Reported by:
      Harbinger
    • Company:
      All Clients/Multiple Clients
    • Item State:
      LB QA - Ready for Stage

      Description

      Environment: Production
      Login: Company admin
      Page: Change Password Password
      Browser: Fire fox

      Admin login > Change Password > New Password field is auto filled

      screen capture for the same is attached with jira.

      Hrishikesh Deshpande Rakesh Roy

        Attachments

        1. Screenshot (5).png
          Screenshot (5).png
          81 kB
        2. Screenshot (6).png
          Screenshot (6).png
          80 kB
        3. TestCase_LoginPage.xls
          35 kB
        4. WT-12126 Description.odt
          46 kB

          Issue Links

            Activity

            Hide
            priya.dhamande Priya Dhamande (Inactive) added a comment -

            The issue is applicable for Admin Change password and mployee Change Password Page with Company admin login.

            Hrishikesh Deshpande

            Show
            priya.dhamande Priya Dhamande (Inactive) added a comment - The issue is applicable for Admin Change password and mployee Change Password Page with Company admin login. Hrishikesh Deshpande
            Hide
            niteen.surwase Niteen Surwase (Inactive) added a comment -

            Hi Swapnil Pandhare,

            Analysis done. Follwing are the solution tried on local;
            1: Added 'readonly' on document.ready -NOT WORKED
            2: Disabled fields until we load whole page -NOT WORKED

            Not able fix this issue as Chrome Browser auto-fills saved password on double click on that password field.

            Thanks,
            Niteen S.

            Cc: Satya Samir

            Show
            niteen.surwase Niteen Surwase (Inactive) added a comment - Hi Swapnil Pandhare , Analysis done. Follwing are the solution tried on local; 1: Added 'readonly' on document.ready -NOT WORKED 2: Disabled fields until we load whole page -NOT WORKED Not able fix this issue as Chrome Browser auto-fills saved password on double click on that password field. Thanks, Niteen S. Cc: Satya Samir
            Hide
            sudhir.kalikate Sudhir Kalikate (Inactive) added a comment - - edited

            Hi Satya,

            I did some analysis on this. Tried multiple solutions on local and stage.
            Please refer document [WT-12126 Description.odt] on the analysis.
            WT-12126 Description.odt.

            Note: This is chrome browser specific issue and reproduced some times on Stage and Production.

            Thanks,
            Sudhir Kalikate

            Cc : Swapnil Pandhare

            Show
            sudhir.kalikate Sudhir Kalikate (Inactive) added a comment - - edited Hi Satya , I did some analysis on this. Tried multiple solutions on local and stage. Please refer document [WT-12126 Description.odt] on the analysis. WT-12126 Description.odt . Note: This is chrome browser specific issue and reproduced some times on Stage and Production. Thanks, Sudhir Kalikate Cc : Swapnil Pandhare
            Hide
            niteen.surwase Niteen Surwase (Inactive) added a comment -

            Hi Swapnil Pandhare

            We have tried various solutions but it did not worked for all the browsers (Either worked for Chrome or Firefox).
            We don't have control over all of our user's browsers to change their autocomplete/suggest settings.
            So, we can't disable these setting for Chrome and for other browsers.

            As per below Chrome official links. We can not do anything for the autocomplete setting. Its up to the user to use/not use it.

            Chrome Official autocomplete tickets:
            https://bugs.chromium.org/p/chromium/issues/detail?id=587466
            https://bugs.chromium.org/p/chromium/issues/detail?id=352347

            Thanks,
            Cc: Satya

            Show
            niteen.surwase Niteen Surwase (Inactive) added a comment - Hi Swapnil Pandhare We have tried various solutions but it did not worked for all the browsers (Either worked for Chrome or Firefox). We don't have control over all of our user's browsers to change their autocomplete/suggest settings. So, we can't disable these setting for Chrome and for other browsers. As per below Chrome official links. We can not do anything for the autocomplete setting. Its up to the user to use/not use it. Chrome Official autocomplete tickets: https://bugs.chromium.org/p/chromium/issues/detail?id=587466 https://bugs.chromium.org/p/chromium/issues/detail?id=352347 Thanks, Cc: Satya
            Hide
            niteen.surwase Niteen Surwase (Inactive) added a comment - - edited

            Hi Swapnil Pandhare

            We have done with changes using dummy field. We have set dummy field's visibility as hidden. We are just avoiding secret answer saving to tackle the security concern.
            Please review these changes.

            Following URL shows browsers scope for visibility of dummy field :
            URL : https://www.w3schools.com/jsref/prop_style_visibility.asp

            Concern : Browser displays secret answer in Change Password page. (Browsers uses Autocomplete feature)

            Cause : In EE workflow, when user change password with secret answers then browser considers field which is above Password field (Secret Answer) and saves. (Browser uses Autocomplete feature)

            Correction : We have added dummy hidden field above the password field to save in Autocomplete feature as username.
            Now browser considers dummy field as username to save through Autocomplete feature. So, Browser will not show secret answer anyhow.

            Thanks,
            Niteen S.

            Cc: Satya

            Show
            niteen.surwase Niteen Surwase (Inactive) added a comment - - edited Hi Swapnil Pandhare We have done with changes using dummy field. We have set dummy field's visibility as hidden. We are just avoiding secret answer saving to tackle the security concern. Please review these changes. Following URL shows browsers scope for visibility of dummy field : URL : https://www.w3schools.com/jsref/prop_style_visibility.asp Concern : Browser displays secret answer in Change Password page. (Browsers uses Autocomplete feature) Cause : In EE workflow, when user change password with secret answers then browser considers field which is above Password field (Secret Answer) and saves. (Browser uses Autocomplete feature) Correction : We have added dummy hidden field above the password field to save in Autocomplete feature as username. Now browser considers dummy field as username to save through Autocomplete feature. So, Browser will not show secret answer anyhow. Thanks, Niteen S. Cc: Satya
            Hide
            niteen.surwase Niteen Surwase (Inactive) added a comment - - edited

            Hi Swapnil Pandhare

            This changes has been done and checked-in on trunk and LB as Its parent ticket WT-12109 is approved for LB.

            Thanks,
            Niteen S.

            Cc: Satya Gaurav Sodani

            Show
            niteen.surwase Niteen Surwase (Inactive) added a comment - - edited Hi Swapnil Pandhare This changes has been done and checked-in on trunk and LB as Its parent ticket WT-12109 is approved for LB. Thanks, Niteen S. Cc: Satya Gaurav Sodani
            Hide
            niteen.surwase Niteen Surwase (Inactive) added a comment -

            Priya Dhamande This changes will be deployed on LB with next LB build. Please verify once it'll deploy on LB.

            Show
            niteen.surwase Niteen Surwase (Inactive) added a comment - Priya Dhamande This changes will be deployed on LB with next LB build. Please verify once it'll deploy on LB.
            Hide
            priya.dhamande Priya Dhamande (Inactive) added a comment -

            Hi Jayshree Nagpure,

            As per discussion with Prasad, assigning jira to you.

            Prasad Pise

            Show
            priya.dhamande Priya Dhamande (Inactive) added a comment - Hi Jayshree Nagpure , As per discussion with Prasad, assigning jira to you. Prasad Pise
            Hide
            jayshree.nagpure Jayshree Nagpure (Inactive) added a comment -

            Environment: LB
            Login: Partner, Employee and Company Admin
            Company: For QA KinderCare and For QA-FDU-Azure

            Browser: Chrome
            Pages: Change Password, Login page, Forgot password

            The issue of Password getting retained on browsers is verified on LB for mentioned pages. All the attached scenarios worked as expected.
            So, moving the jira on Ready for stage

            Show
            jayshree.nagpure Jayshree Nagpure (Inactive) added a comment - Environment: LB Login: Partner, Employee and Company Admin Company: For QA KinderCare and For QA-FDU-Azure Browser: Chrome Pages: Change Password, Login page, Forgot password The issue of Password getting retained on browsers is verified on LB for mentioned pages. All the attached scenarios worked as expected. So, moving the jira on Ready for stage

              People

              Assignee:
              jayshree.nagpure Jayshree Nagpure (Inactive)
              Reporter:
              priya.dhamande Priya Dhamande (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:

                  Time Tracking

                  Estimated:
                  Original Estimate - 24h Original Estimate - 24h
                  24h
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 45.15h
                  45.15h