-
Type:
Bug
-
Status: Resolution Setting
-
Priority:
Medium
-
Resolution: Done
-
Affects Version/s: None
-
Fix Version/s: None
-
Component/s: BenAdmin
-
Labels:None
-
Environment:Production
-
Bug Type:Functional
-
Bug Severity:Medium
-
Level:Admin
-
Module:BenAdmin - Security
-
Reported by:Harbinger
-
Company:All Clients/Multiple Clients
-
Item State:LB QA - Ready for Stage
Environment: Production
Login: Company admin
Page: Change Password Password
Browser: Fire fox
Admin login > Change Password > New Password field is auto filled
screen capture for the same is attached with jira.
Hi Swapnil Pandhare,
Analysis done. Follwing are the solution tried on local;
1: Added 'readonly' on document.ready -NOT WORKED
2: Disabled fields until we load whole page -NOT WORKED
Not able fix this issue as Chrome Browser auto-fills saved password on double click on that password field.
Thanks,
Niteen S.
Hi Satya,
I did some analysis on this. Tried multiple solutions on local and stage.
Please refer document [WT-12126 Description.odt] on the analysis.
WT-12126 Description.odt
.
Note: This is chrome browser specific issue and reproduced some times on Stage and Production.
Thanks,
Sudhir Kalikate
Cc : Swapnil Pandhare
Sudhir Kalikate (Inactive)
added a comment - - edited Hi Satya ,
I did some analysis on this. Tried multiple solutions on local and stage.
Please refer document [WT-12126 Description.odt] on the analysis.
WT-12126 Description.odt .
Note: This is chrome browser specific issue and reproduced some times on Stage and Production.
Thanks,
Sudhir Kalikate
Cc : Swapnil Pandhare
We have tried various solutions but it did not worked for all the browsers (Either worked for Chrome or Firefox).
We don't have control over all of our user's browsers to change their autocomplete/suggest settings.
So, we can't disable these setting for Chrome and for other browsers.
As per below Chrome official links. We can not do anything for the autocomplete setting. Its up to the user to use/not use it.
Chrome Official autocomplete tickets:
https://bugs.chromium.org/p/chromium/issues/detail?id=587466
https://bugs.chromium.org/p/chromium/issues/detail?id=352347
Thanks,
Cc: Satya
We have done with changes using dummy field. We have set dummy field's visibility as hidden. We are just avoiding secret answer saving to tackle the security concern.
Please review these changes.
Following URL shows browsers scope for visibility of dummy field :
URL : https://www.w3schools.com/jsref/prop_style_visibility.asp
Concern : Browser displays secret answer in Change Password page. (Browsers uses Autocomplete feature)
Cause : In EE workflow, when user change password with secret answers then browser considers field which is above Password field (Secret Answer) and saves. (Browser uses Autocomplete feature)
Correction : We have added dummy hidden field above the password field to save in Autocomplete feature as username.
Now browser considers dummy field as username to save through Autocomplete feature. So, Browser will not show secret answer anyhow.
Thanks,
Niteen S.
Cc: Satya
This changes has been done and checked-in on trunk and LB as Its parent ticket WT-12109 is approved for LB.
Thanks,
Niteen S.
Cc: Satya Gaurav Sodani
Priya Dhamande This changes will be deployed on LB with next LB build. Please verify once it'll deploy on LB.
Environment: LB
Login: Partner, Employee and Company Admin
Company: For QA KinderCare and For QA-FDU-Azure
Browser: Chrome
Pages: Change Password, Login page, Forgot password
The issue of Password getting retained on browsers is verified on LB for mentioned pages. All the attached scenarios worked as expected.
So, moving the jira on Ready for stage
Jayshree Nagpure (Inactive)
added a comment - Environment: LB
Login: Partner, Employee and Company Admin
Company: For QA KinderCare and For QA-FDU-Azure
Browser: Chrome
Pages: Change Password, Login page, Forgot password
The issue of Password getting retained on browsers is verified on LB for mentioned pages. All the attached scenarios worked as expected.
So, moving the jira on Ready for stage 
The issue is applicable for Admin Change password and mployee Change Password Page with Company admin login.
Hrishikesh Deshpande