[WT-4676] [Security Test] {Critical Information Disclosure} Table Names, Column Names get displayed in proxy tool. - Workterra Jira

XML

Word

Printable

Details

Type: Bug
Status: Open
Priority: High
Resolution: Unresolved
Affects Version/s: None
Fix Version/s: None
Component/s: None
Labels:
- Security

Environment:

Production
Bug Severity:
Low
Module:
BenAdmin - Security
Reported by:
Harbinger

Description

[Security Test]

{Critical Information Disclosure}

Table Name and Column Names get displayed in proxy tools.
Test Environment : Production: VM-208..
Tool used:
Tamper Data - Mozilla Browser plugin

1. Login as Admin
2. Go to Add Employee
3. Enter required fields in Add New employee page
4. Go to Tamper Data
5. Click on Start Tamper
6. Go to Add Employee Page and click on Save button.
7. Check for the Tamper Data POST form parameters.

For more details check attached Screenshot.

This issue is observed throughout the application.

Attachments

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

Attachments

CriticalInfo_Disclosure.png
08/Sep/16 10:35 AM
175 kB
Prasad Pise

Activity

People

Assignee:: Samir

Reporter:: Prasad Pise (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 08/Sep/16 10:36 AM

Updated:: 15/Dec/20 02:53 AM