WORKTERRAProject Type: software

WORKTERRA

Uploaded image for project: 'WORKTERRA'
  1. WORKTERRA
  2. WT-5525

Login page should allow single quote in User name

    Details

    • Type: Enhancement
    • Status: Closed
    • Priority: Medium
    • Resolution: Done
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: Platform
    • Labels:
      None
    • Module:
      Platform
    • Reported by:
      Support
    • Item State:
      Production Complete - Closed
    • Issue Importance:
      Must Have

      Description

      UHC requires single quotes allowed in username of login page.

        Attachments

        1. Stage_pass.png
          Stage_pass.png
          240 kB
        2. Stage_Pass2.png
          Stage_Pass2.png
          299 kB
        3. WT_5525_SQLInjectionTest.xls
          70 kB

          Issue Links

          is caused by

          Bug - A problem which impairs or prevents the functions of the product. WT-5315 PSMC in Stage - Ghost Record Issue

          • Critical - This problem will block progress.
          • Production Complete

            Activity

            Ascending order - Click to sort in descending order
            vijayendra Vijayendra Shinde (Inactive) created issue -
            vijayendra Vijayendra Shinde (Inactive) made changes -
            Field Original Value New Value
            Assignee Amnesh Goel [ amnesh.goel ] Vijayendra Shinde [ ID10506 ]
            vijayendra Vijayendra Shinde (Inactive) made changes -
            Status New Request [ 10029 ] Pending for Approval [ 10002 ]
            vijayendra Vijayendra Shinde (Inactive) made changes -
            Status Pending for Approval [ 10002 ] Approved for Development [ 10003 ]
            vijayendra Vijayendra Shinde (Inactive) made changes -
            Status Approved for Development [ 10003 ] In Development [ 10007 ]
            Hide
            Permalink
            vijayendra Vijayendra Shinde (Inactive) added a comment -

            We need to verify all logins for this fix to ensure logins on production.

            Again, this fix needs to be tested for Security of Blind SQL injection.

            Show
            vijayendra Vijayendra Shinde (Inactive) added a comment - We need to verify all logins for this fix to ensure logins on production. Again, this fix needs to be tested for Security of Blind SQL injection.
            vijayendra Vijayendra Shinde (Inactive) made changes -
            Developer Vijayendra Shinde [ ID10506 ]
            vijayendra Vijayendra Shinde (Inactive) made changes -
            Code Review Date 17/Oct/2016
            Code Reviewed By Saurabh Sablaka [ 11909 ]
            Hide
            Permalink
            vijayendra Vijayendra Shinde (Inactive) added a comment -

            Please check this fix after patch deployment

            Show
            vijayendra Vijayendra Shinde (Inactive) added a comment - Please check this fix after patch deployment
            vijayendra Vijayendra Shinde (Inactive) made changes -
            Assignee Vijayendra Shinde [ ID10506 ] Rakesh Roy [ rakeshr ]
            vijayendra Vijayendra Shinde (Inactive) made changes -
            Link This issue is caused by WT-5315 [ WT-5315 ]
            Hide
            Permalink
            rakeshr Rakesh Roy (Inactive) added a comment -

            Prasad Pise Please chech security point.
            Rashmita Dudhe Test this after deployment.

            Show
            rakeshr Rakesh Roy (Inactive) added a comment - Prasad Pise Please chech security point. Rashmita Dudhe Test this after deployment.
            rakeshr Rakesh Roy (Inactive) made changes -
            Assignee Rakesh Roy [ rakeshr ] Rashmita Dudhe [ rashmita.dudhe ]
            khandu.kshirsagar Khandu Kshirsagar (Inactive) made changes -
            Item State Parent values: Development(10200)Level 1 values: Ready for Local Testing(10209) Parent values: LB QA(10201)Level 1 values: LB Deployed(11600)
            Hide
            Permalink
            rashmita.dudhe Rashmita Dudhe (Inactive) added a comment -

            Verified on LB environment consider below scenario.

            1]Import Employee with single quote Email address, name
            2]Login to the system with generated User name like o'donald.test121172
            3]adding employee through UI
            4] also login to the system with generated user name.

            Working fine.

            Show
            rashmita.dudhe Rashmita Dudhe (Inactive) added a comment - Verified on LB environment consider below scenario. 1]Import Employee with single quote Email address, name 2]Login to the system with generated User name like o'donald.test121172 3]adding employee through UI 4] also login to the system with generated user name. Working fine.
            rashmita.dudhe Rashmita Dudhe (Inactive) made changes -
            Item State Parent values: LB QA(10201)Level 1 values: LB Deployed(11600) Parent values: LB QA(10201)Level 1 values: Ready for Stage(10213)
            rashmita.dudhe Rashmita Dudhe (Inactive) made changes -
            Status In Development [ 10007 ] Local Testing [ 10200 ]
            ashwin.wankhede Ashwin Wankhede (Inactive) made changes -
            Item State Parent values: LB QA(10201)Level 1 values: Ready for Stage(10213) Parent values: Production QA(10203)Level 1 values: Production Deployed(10221)
            khandu.kshirsagar Khandu Kshirsagar (Inactive) made changes -
            Item State Parent values: Production QA(10203)Level 1 values: Production Deployed(10221) Parent values: Stage QA(10202)Level 1 values: Stage Deployed(11602)
            rakeshr Rakesh Roy (Inactive) made changes -
            Status Local Testing [ 10200 ] Pending for Stage Approval [ 10300 ]
            rakeshr Rakesh Roy (Inactive) made changes -
            Status Pending for Stage Approval [ 10300 ] Approved for Stage [ 10030 ]
            rakeshr Rakesh Roy (Inactive) made changes -
            Status Approved for Stage [ 10030 ] Stage Testing [ 10201 ]
            rakeshr Rakesh Roy (Inactive) made changes -
            Attachment Stage_pass.png [ 29525 ]
            rakeshr Rakesh Roy (Inactive) made changes -
            Attachment Stage_Pass2.png [ 29526 ]
            Hide
            Permalink
            rashmita.dudhe Rashmita Dudhe (Inactive) added a comment -

            Verified on Stage environment consider below scenario.
            1]Import Employee with single quote Email address, name
            2]Login to the system with generated User name like o'donald.test121172
            3]adding employee through UI
            4] also login to the system with generated user name.
            Working fine.

            Show
            rashmita.dudhe Rashmita Dudhe (Inactive) added a comment - Verified on Stage environment consider below scenario. 1]Import Employee with single quote Email address, name 2]Login to the system with generated User name like o'donald.test121172 3]adding employee through UI 4] also login to the system with generated user name. Working fine.
            rashmita.dudhe Rashmita Dudhe (Inactive) made changes -
            Item State Parent values: Stage QA(10202)Level 1 values: Stage Deployed(11602) Parent values: Stage QA(10202)Level 1 values: Ready for Production(10217)
            prasadp Prasad Pise (Inactive) made changes -
            Attachment WT_5525_SQLInjectionTest.xls [ 29565 ]
            Hide
            Permalink
            prasadp Prasad Pise (Inactive) added a comment -

            Verified issue on Stage and Production environment for "User Name" field on login page. Tried with various SQL injections of different Payloads/inputs. No vulnerability found till now. WT_5525_SQLInjectionTest.xls

            Show
            prasadp Prasad Pise (Inactive) added a comment - Verified issue on Stage and Production environment for "User Name" field on login page. Tried with various SQL injections of different Payloads/inputs. No vulnerability found till now. WT_5525_SQLInjectionTest.xls
            rakeshr Rakesh Roy (Inactive) made changes -
            Item State Parent values: Stage QA(10202)Level 1 values: Ready for Production(10217) Parent values: Production QA(10203)Level 1 values: Production Deployed(10221)
            Hide
            Permalink
            rashmita.dudhe Rashmita Dudhe (Inactive) added a comment -

            Verified on Production environment consider below scenario.
            1]Import Employee with single quote Email address, name
            2]Login to the system with generated User name like o'donald.test121172
            3]adding employee through UI
            4] also login to the system with generated user name.
            Working fine.

            Show
            rashmita.dudhe Rashmita Dudhe (Inactive) added a comment - Verified on Production environment consider below scenario. 1]Import Employee with single quote Email address, name 2]Login to the system with generated User name like o'donald.test121172 3]adding employee through UI 4] also login to the system with generated user name. Working fine.
            rashmita.dudhe Rashmita Dudhe (Inactive) made changes -
            Item State Parent values: Production QA(10203)Level 1 values: Production Deployed(10221) Parent values: Production Complete(10222)Level 1 values: Closed(10223)
            rashmita.dudhe Rashmita Dudhe (Inactive) made changes -
            Status Stage Testing [ 10201 ] Pending for Production Approval [ 10301 ]
            rashmita.dudhe Rashmita Dudhe (Inactive) made changes -
            Status Pending for Production Approval [ 10301 ] Approved for production [ 10034 ]
            rashmita.dudhe Rashmita Dudhe (Inactive) made changes -
            Status Approved for production [ 10034 ] Production Testing [ 10202 ]
            rashmita.dudhe Rashmita Dudhe (Inactive) made changes -
            Resolution Fixed [ 1 ]
            Status Production Testing [ 10202 ] Production Complete [ 10028 ]
            rashmita.dudhe Rashmita Dudhe (Inactive) made changes -
            Status Production Complete [ 10028 ] Closed [ 6 ]
            Transition Time In Source Status Execution Times
            Vijayendra Shinde (Inactive) made transition -
            New Request Pending for Approval
            		16s 1
            Vijayendra Shinde (Inactive) made transition -
            Pending for Approval Approved for Development
            		2s 1
            Vijayendra Shinde (Inactive) made transition -
            Approved for Development In Development
            		1s 1
            Rashmita Dudhe (Inactive) made transition -
            In Development In LB Testing
            		3h 10m 1
            Rakesh Roy (Inactive) made transition -
            In LB Testing Pending for Stage Approval
            		2h 1m 1
            Rakesh Roy (Inactive) made transition -
            Pending for Stage Approval Approved for Stage
            		2s 1
            Rakesh Roy (Inactive) made transition -
            Approved for Stage Stage Testing
            		2s 1
            Rashmita Dudhe (Inactive) made transition -
            Stage Testing Pending for Production Approval
            		1d 1h 25m 1
            Rashmita Dudhe (Inactive) made transition -
            Pending for Production Approval Approved for production
            		5s 1
            Rashmita Dudhe (Inactive) made transition -
            Approved for production In Production Testing
            		2s 1
            Rashmita Dudhe (Inactive) made transition -
            In Production Testing Production Complete
            		7s 1
            Rashmita Dudhe (Inactive) made transition -
            Production Complete Closed
            		9s 1

              People

              Assignee:
              rashmita.dudhe Rashmita Dudhe (Inactive)
              Reporter:
              vijayendra Vijayendra Shinde (Inactive)
              Developer:
              Vijayendra Shinde (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Code Review Date: