Uploaded image for project: 'WORKTERRA'
  1. WORKTERRA
  2. WT-4680

[Security Test] Postal Code and Work Phone fields can be manipulated by inserting invalid values from proxy tool.

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Open
    • Priority: Medium
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • Labels:
    • Environment:
      Production
    • Bug Severity:
      Medium
    • Module:
      BenAdmin - Security
    • Reported by:
      Harbinger

      Description

      [Security Test] Postal Code and Work Phone fields can be manipulated by inserting invalid values from proxy tool.

      1. Login as Employee and traverse the self serve mode till Add beneficiary page
      2. Add/Update beneficiary details and enter the valid Postal Code and Work Phone
      3. Open Tamper Data tool and click on start Tamper
      4. Go to the Add/Update beneficiary page and save the beneficiary details.
      5. Click on Tamper Data button and Go to Tamper Data Post parameter page to insert invalid Postal COde and Work Phone.
      6. Click on OK button to fire the POST request again.
      7. Invalid data gets saved.

      Server Side input validations needs to be implemented throughout the workterra application.

        Attachments

          Activity

            People

            Assignee:
            samir Samir
            Reporter:
            prasadp Prasad Pise (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated: