[WT-4680] [Security Test] Postal Code and Work Phone fields can be manipulated by inserting invalid values from proxy tool. - Workterra Jira

Details

Type: Bug
Status: Open
Priority: Medium
Resolution: Unresolved
Affects Version/s: None
Fix Version/s: None
Component/s: None
Labels:
- Security

Environment:

Production
Bug Severity:
Medium
Module:
BenAdmin - Security
Reported by:
Harbinger

Description

[Security Test] Postal Code and Work Phone fields can be manipulated by inserting invalid values from proxy tool.

1. Login as Employee and traverse the self serve mode till Add beneficiary page
2. Add/Update beneficiary details and enter the valid Postal Code and Work Phone
3. Open Tamper Data tool and click on start Tamper
4. Go to the Add/Update beneficiary page and save the beneficiary details.
5. Click on Tamper Data button and Go to Tamper Data Post parameter page to insert invalid Postal COde and Work Phone.
6. Click on OK button to fire the POST request again.
7. Invalid data gets saved.

Server Side input validations needs to be implemented throughout the workterra application.

Attachments

Activity

Ascending order - Click to sort in descending order

Prasad Pise (Inactive) created issue - 08/Sep/16 12:37 PM

Prasad Pise (Inactive) made changes - 08/Sep/16 12:39 PM

Field	Original Value	New Value
Description	[Security Test] Postal Code and Work Phone fields can be manipulated by inserting invalid values from proxy tool. 1. Login as Employee and traverse the self serve mode till Add beneficiary page 2. Add/Update beneficiary details and enter the valid Postal Code and Work Phone 3. Open Tamper Data tool and click on start Tamper 4. Go to the Add/Update beneficiary page and save the beneficiary details. 5. Click on Tamper Data button and Go to Tamper Data Post parameter page to insert invalid Postal COde and Work Phone. 6. Click on OK button to fire the POST request again. 7. Invalid data gets saved.	[Security Test] Postal Code and Work Phone fields can be manipulated by inserting invalid values from proxy tool. 1. Login as Employee and traverse the self serve mode till Add beneficiary page 2. Add/Update beneficiary details and enter the valid Postal Code and Work Phone 3. Open Tamper Data tool and click on start Tamper 4. Go to the Add/Update beneficiary page and save the beneficiary details. 5. Click on Tamper Data button and Go to Tamper Data Post parameter page to insert invalid Postal COde and Work Phone. 6. Click on OK button to fire the POST request again. 7. Invalid data gets saved. Server Side input validations needs to be implemented throughout the workterra application.

Rakesh Roy (Inactive) made changes - 23/Jan/17 06:01 AM

Module

Parent values: BenAdmin(10100)

Parent values: BenAdmin(10100)Level 1 values: Security(10112)

Prasad Pise (Inactive) made changes - 20/Mar/17 06:30 AM

Severity

Medium [ 13102 ]

Prasad Pise (Inactive) made changes - 06/Apr/17 07:12 AM

Issue Category

EBS [ 10350 ]

Harbinger [ 10700 ]

shyam sharma (Inactive) made changes - 10/Aug/17 09:18 AM

Sprint

WT Sprint 35 - Bugs [ 81 ]

shyam sharma (Inactive) made changes - 10/Aug/17 09:18 AM

Rank

Ranked higher

shyam sharma (Inactive) made changes - 10/Aug/17 09:19 AM

Sprint

WT Sprint 35 - Bugs [ 81 ]

shyam sharma (Inactive) made changes - 10/Aug/17 09:19 AM

Rank

Ranked lower

Rakesh Roy (Inactive) made changes - 27/Sep/17 08:04 AM

Bug Severity

Medium [ 16702 ]

Satya made changes - 01/Nov/17 11:20 PM

Labels

Security

Satya made changes - 04/Nov/17 06:35 AM

Environment_New

Production [ 18442 ]

Vijayendra Shinde (Inactive) made changes - 15/Dec/20 02:53 AM

Link

This issue relates to DEV-13718 [ DEV-13718 ]

People

Assignee:: Samir

Reporter:: Prasad Pise (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 08/Sep/16 12:37 PM

Updated:: 15/Dec/20 02:53 AM