-
Type:
Bug
-
Status: Closed
-
Priority:
High
-
Resolution: Cancelled
-
Affects Version/s: None
-
Fix Version/s: None
-
Component/s: Platform
-
Labels:None
-
Environment:Production
-
Module:Platform - Security
-
Reported by:Harbinger
[Security Test] Date fields validations are not present on server side due to which it is possible to manipulate dates in application.
Test Environment: Production
Tools Used : ZAP, Tamper Data
Browser: Chrome, Firefox
1. Login as Admin
2. Go to a test company
2. Go to Benefit Type Builder
3. Select any existing benefit type
4. Update the Benefit Start date and End Date using proxy tool like ZAP/Tamper Data through post request.
5. Check for the updated dates on form.
We have altered the Start Date,End Date, Plan Effective Date and Plan termination date for 'Basic Life' benefit type. PFA screenshots.
*
This can be possible in any date field of entire workterra application and can impact on existing as well as future data.*
Expected Result:
[Security Test] Date fields validations on server side needs to be implemented throughout the application.
| Field | Original Value | New Value |
|---|---|---|
| Component/s | BenAdmin [ 10000 ] |
| Component/s | Platform [ 10006 ] | |
| Component/s | BenAdmin [ 10000 ] |
| Module | Parent values: BenAdmin(10100) | Parent values: Platform(10106)Level 1 values: Security(10115) |
| Severity | Complex [ 13103 ] |
| Issue Category | EBS [ 10350 ] | Harbinger [ 10700 ] |
| Status | Open [ 1 ] | In Development [ 10007 ] |
| Resolution | Won't Do [ 10001 ] | |
| Status | In Development [ 10007 ] | Rejected [ 10004 ] |
| Status | Rejected [ 10004 ] | Closed [ 6 ] |
| Environment_New | Production [ 18442 ] |
| Link | This issue relates to DEV-13718 [ DEV-13718 ] |