  1. WORKTERRA
  2. WT-1514

PASSWORD RETURNED IN SERVER RESPONSE

    Details

    • Type: Enhancement
    • Status: Closed
    • Priority: Medium
    • Resolution: Done
    • Affects Version/s: None
    • Fix Version/s: 1.0
    • Component/s: BenAdmin
    • Labels:
      None
    • Module:
      BenAdmin - Security
    • Reported by:
      Support
    • Item State:
      Production Complete
    • Sprint:
      WT Sprint 1

      Description

      Pretorian reported an issue: the password being returned in the server response is a potential threat to the system.

      The user’s password is returned in the response from the server when an administrator creates an account for a new employee.
      By sending a user password as a response during account registration, WORKTERRA increases the possibility of the password being sniffed on the wire, or compromised via local workstation access.
      When registering a new employee, the employee's default password was displayed to the registrar.

      Ideally, we should not display the password to the administrator.

      We need to find all locations in the system where we are sending the password to the client side.

      A possible solution is to remove the add-employee popup which displays credentials.
      A configuration flag should decide whether or not the newly added employee's password is displayed in the alert.
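
One way to carry out the search for places where a password reaches the client, as an added example (not WORKTERRA's code): a Python audit that walks captured JSON response bodies and reports every credential-like key, plus a helper that strips those keys before a response is serialized. The endpoints, field names and key pattern below are constructed assumptions.

```python
import json
import re

# Assumed naming pattern for credential-bearing keys; extend it for the real schema.
# It is deliberately broad, so expect some false positives (e.g. "passport").
SENSITIVE_KEY = re.compile(r"(pass(word|wd)?|pwd|secret|credential)", re.I)

def find_credential_fields(payload, path="$"):
    """Return the JSON path of every key in payload that looks credential-bearing."""
    hits = []
    if isinstance(payload, dict):
        for key, value in payload.items():
            child = f"{path}.{key}"
            if SENSITIVE_KEY.search(key):
                hits.append(child)
            else:
                hits.extend(find_credential_fields(value, child))
    elif isinstance(payload, list):
        for i, item in enumerate(payload):
            hits.extend(find_credential_fields(item, f"{path}[{i}]"))
    return hits

def strip_credentials(payload):
    """Return a copy of payload with credential-bearing keys removed at any depth."""
    if isinstance(payload, dict):
        return {k: strip_credentials(v) for k, v in payload.items()
                if not SENSITIVE_KEY.search(k)}
    if isinstance(payload, list):
        return [strip_credentials(v) for v in payload]
    return payload

def audit_responses(captured):
    """Map each leaking endpoint to the JSON paths where a credential appears."""
    report = {}
    for endpoint, body in captured.items():
        hits = find_credential_fields(json.loads(body))
        if hits:
            report[endpoint] = hits
    return report

# Constructed sample responses (hypothetical endpoints and field names).
CAPTURED = {
    "POST /employee/add": '{"status":"ok","employee":{"id":101,"userName":"jdoe","defaultPassword":"Temp#4821"}}',
    "GET /employee/101": '{"id":101,"userName":"jdoe","dept":"HR"}',
    "GET /employee/list": '{"items":[{"id":101,"pwd":"x"},{"id":102}]}',
}

if __name__ == "__main__":
    for endpoint, paths in audit_responses(CAPTURED).items():
        print(endpoint, "->", paths)
```

Running the audit over recorded responses in a regression suite makes a newly added endpoint that echoes a password fail the build.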

        Attachments

        1. Add_Employee_Enhancement.doc
          81 kB
        2. Admin login.png
          179 kB
        3. Disply password flag settings.png
          176 kB
        4. Employee credencials.png
          173 kB
        5. Password credencial for SEO Module.png
          178 kB
        6. Password Enhancement.xls
          18 kB

          Activity

          vijayendra Vijayendra Shinde (Inactive) created issue -
          vijayendra Vijayendra Shinde (Inactive) made changes -
          Field Original Value New Value
          Status New Request [ 10029 ] Pending for Approval [ 10002 ]
          vijayendra Vijayendra Shinde (Inactive) made changes -
          Status Pending for Approval [ 10002 ] Approved for Development [ 10003 ]
          vijayendra Vijayendra Shinde (Inactive) made changes -
          Assignee Vijayendra Shinde [ ID10506 ]
          vijayendra Vijayendra Shinde (Inactive) made changes -
          Assignee Vijayendra Shinde [ ID10506 ] Swapnil Pandhare [ swapnil.pandhare ]
          samir Samir made changes -
          Status Approved for Development [ 10003 ] In Development [ 10007 ]
          swapnil.pandhare Swapnil Pandhare (Inactive) made changes -
          Item State Parent values: Development(10200)Level 1 values: Development Backlog(10205)
          swapnil.pandhare Swapnil Pandhare (Inactive) made changes -
          Item State Parent values: Development(10200)Level 1 values: Development Backlog(10205) Parent values: Development(10200)Level 1 values: In Analysis(10204)
          swapnil.pandhare Swapnil Pandhare (Inactive) made changes -
          Attachment Add_Employee_Enhancement.doc [ 14049 ]
          swapnil.pandhare Swapnil Pandhare (Inactive) made changes -
          Item State Parent values: Development(10200)Level 1 values: In Analysis(10204) Parent values: Development(10200)Level 1 values: On Hold(10207)
          satyap Satya made changes -
          Dev Estimates 24
          satyap Satya made changes -
          Component/s BenAdmin [ 10000 ]
          Component/s BenAdmin [ 10100 ]
          Issue Type Enhancement [ 4 ] Change Request [ 10002 ]
          Key ST-89 WT-1514
          Project Project Simple [ 10400 ] WORKTERRA [ 10000 ]
          deepalit Deepali Tidke (Inactive) made changes -
          QA Estimates 12
          admin01 admin made changes -
          Fix Version/s 1.0 [ 10000 ]
          swapnil.pandhare Swapnil Pandhare (Inactive) made changes -
          Assignee Swapnil Pandhare [ swapnil.pandhare ] Chaitali Acharya [ chaitali.acharya ]
          chaitali.acharya Chaitali Acharya (Inactive) made changes -
          Issue Type Change Request [ 10002 ] Enhancement [ 4 ]
          chaitali.acharya Chaitali Acharya (Inactive) made changes -
          Issue Type Enhancement [ 4 ] Change Request [ 10002 ]
          chaitali.acharya Chaitali Acharya (Inactive) made changes -
          Status In Development [ 10007 ] Local Testing [ 10200 ]
          chaitali.acharya Chaitali Acharya (Inactive) made changes -
          Status Local Testing [ 10200 ] Reopen in Local [ 10018 ]
          chaitali.acharya Chaitali Acharya (Inactive) made changes -
          Status Reopen in Local [ 10018 ] In Development [ 10007 ]
          rakeshr Rakesh Roy (Inactive) made changes -
          Account Executive David Rhodes [Administrator] [ admin ]
          chaitali.acharya Chaitali Acharya (Inactive) made changes -
          Issue Type Change Request [ 10002 ] Enhancement [ 4 ]
          chaitali.acharya Chaitali Acharya (Inactive) made changes -
          Issue Type Enhancement [ 4 ] Change Request [ 10002 ]
          chaitali.acharya Chaitali Acharya (Inactive) made changes -
          Issue Type Change Request [ 10002 ] Enhancement [ 4 ]
          chaitali.acharya Chaitali Acharya (Inactive) made changes -
          Item State Parent values: Development(10200)Level 1 values: On Hold(10207) Parent values: LB QA(10201)
          chaitali.acharya Chaitali Acharya (Inactive) made changes -
          Status In Development [ 10007 ] Local Testing [ 10200 ]
          chaitali.acharya Chaitali Acharya (Inactive) made changes -
          Assignee Chaitali Acharya [ chaitali.acharya ] Deepali Tidke [ deepalit ]
          deepalit Deepali Tidke (Inactive) made changes -
          Assignee Deepali Tidke [ deepalit ] Venkatesh Pujari [ venkatesh.pujari ]
          venkatesh.pujari Venkatesh Pujari (Inactive) made changes -
          Attachment Password Enhancement.xls [ 15315 ]
          satyap Satya made changes -
          Sprint WT Sprint 1 [ 6 ]
          satyap Satya made changes -
          Rank Ranked higher
          venkatesh.pujari Venkatesh Pujari (Inactive) made changes -
          Item State Parent values: LB QA(10201) Parent values: LB QA(10201)Level 1 values: Ready for Stage(10213)
          satyap Satya made changes -
          Rank Ranked higher
          swapnil.pandhare Swapnil Pandhare (Inactive) made changes -
          Status Local Testing [ 10200 ] Reopen in Local [ 10018 ]
          swapnil.pandhare Swapnil Pandhare (Inactive) made changes -
          Status Reopen in Local [ 10018 ] In Development [ 10007 ]
          swapnil.pandhare Swapnil Pandhare (Inactive) made changes -
          Status In Development [ 10007 ] Local Testing [ 10200 ]
          swapnil.pandhare Swapnil Pandhare (Inactive) made changes -
          Status Local Testing [ 10200 ] Pending for Stage Approval [ 10300 ]
          satyap Satya made changes -
          Status Pending for Stage Approval [ 10300 ] Approved for Stage [ 10030 ]
          chaitali.acharya Chaitali Acharya (Inactive) made changes -
          Status Approved for Stage [ 10030 ] Stage Testing [ 10201 ]
          chaitali.acharya Chaitali Acharya (Inactive) made changes -
          Item State Parent values: LB QA(10201)Level 1 values: Ready for Stage(10213) Parent values: Stage QA(10202)
          venkatesh.pujari Venkatesh Pujari (Inactive) made changes -
          Assignee Venkatesh Pujari [ venkatesh.pujari ] Deepali Tidke [ deepalit ]
          deepalit Deepali Tidke (Inactive) made changes -
          Assignee Deepali Tidke [ deepalit ] Dhanashree Sherkar [ dhanashree.sherkar ]
          dhanashree.sherkar Dhanashree Sherkar (Inactive) made changes -
          Attachment Disply password flag settings.png [ 16421 ]
          dhanashree.sherkar Dhanashree Sherkar (Inactive) made changes -
          Attachment Employee credencials.png [ 16422 ]
          dhanashree.sherkar Dhanashree Sherkar (Inactive) made changes -
          dhanashree.sherkar Dhanashree Sherkar (Inactive) made changes -
          Attachment Admin login.png [ 16424 ]
          deepalit Deepali Tidke (Inactive) made changes -
          Item State Parent values: Stage QA(10202) Parent values: Stage QA(10202)Level 1 values: Ready for Production(10217)
          chaitali.acharya Chaitali Acharya (Inactive) made changes -
          Item State Parent values: Stage QA(10202)Level 1 values: Ready for Production(10217) Parent values: Production QA(10203)
          chaitali.acharya Chaitali Acharya (Inactive) made changes -
          Status Stage Testing [ 10201 ] Pending for Production Approval [ 10301 ]
          chaitali.acharya Chaitali Acharya (Inactive) made changes -
          Status Pending for Production Approval [ 10301 ] Approved for production [ 10034 ]
          chaitali.acharya Chaitali Acharya (Inactive) made changes -
          Status Approved for production [ 10034 ] Production Testing [ 10202 ]
          deepalit Deepali Tidke (Inactive) made changes -
          Assignee Dhanashree Sherkar [ dhanashree.sherkar ] Kunal Kedari [ kunal.kedari ]
          kunal.kedari Kunal Kedari (Inactive) made changes -
          Resolution Done [ 10000 ]
          Status Production Testing [ 10202 ] Production Complete [ 10028 ]
          kunal.kedari Kunal Kedari (Inactive) made changes -
          Item State Parent values: Production QA(10203) Parent values: Production Complete(10222)
          kunal.kedari Kunal Kedari (Inactive) made changes -
          Assignee Kunal Kedari [ kunal.kedari ] Jennifer Leugers [ jennifer.leugers ]
          satyap Satya made changes -
          Resolution Done [ 10000 ] Fixed [ 1 ]
          Status Production Complete [ 10028 ] Closed [ 6 ]

            People

            Assignee:
            jennifer.leugers Jennifer Leugers
            Reporter:
            vijayendra Vijayendra Shinde (Inactive)
            Account Executive:
            David Rhodes (Inactive)
            Votes:
            0
            Watchers:
            8

              Dates

              Created:
              Updated:
              Resolved: