-
Type:
Bug
-
Status: Closed
-
Priority:
Medium
-
Resolution: Done
-
Affects Version/s: None
-
Fix Version/s: None
-
Component/s: None
-
Labels:None
-
Environment:Production
-
Module:BenAdmin - Security
-
Reported by:Harbinger
-
Item State:Production QA
[Secure Test] Request Details of Get URL for viewing Benefit Descriptions are having parameters as plain text and using same URL plan descriptions can be accessed across company.
Start Tamper Data plugin for viewing Request Details.
1. Login as Admin to Company 2.
2. Login as Employee to Company 1
3. Traverse Employee Self Serve mode to Enroll now plans like Medical,Dental,Vision etc.
4. Click on Benefit Description
5. Go to Tamper Data and check for the Request Details. Refer Screen Shots for details.
6. Copy the URL and paste it in the Admin user's session of company 2
7. Using same URL plan descriptions can be accessed across company.
Refer screenshots for details
| Field | Original Value | New Value |
|---|---|---|
| Status | Open [ 1 ] | In Development [ 10007 ] |
| Assignee | Vijayendra Shinde [ ID10506 ] | Prasad Pise [ prasadp ] |
| Item State | Parent values: Development(10200)Level 1 values: Ready for Local Testing(10209) |
| Module | Parent values: BenAdmin(10100) | Parent values: BenAdmin(10100)Level 1 values: Security(10112) |
| Item State | Parent values: Development(10200)Level 1 values: Ready for Local Testing(10209) | Parent values: LB QA(10201)Level 1 values: LB Deployed(11600) |
| Issue Category | EBS [ 10350 ] | Harbinger [ 10700 ] |
| Attachment | EmployeeSSM-1.jpg [ 31232 ] | |
| Attachment | TamperedEmployeeSSM-2.jpg [ 31233 ] |
| Status | In Development [ 10007 ] | Local Testing [ 10200 ] |
| Status | Local Testing [ 10200 ] | Reopen in Local [ 10018 ] |
| Assignee | Prasad Pise [ prasadp ] | Vijayendra Shinde [ ID10506 ] |
| Status | Reopen in Local [ 10018 ] | In Development [ 10007 ] |
| Assignee | Vijayendra Shinde [ ID10506 ] | Prasad Pise [ prasadp ] |
| Status | In Development [ 10007 ] | Local Testing [ 10200 ] |
| Item State | Parent values: LB QA(10201)Level 1 values: LB Deployed(11600) | Parent values: LB QA(10201)Level 1 values: Ready for Stage(10213) |
| Assignee | Prasad Pise [ prasadp ] | Vijayendra Shinde [ ID10506 ] |
| Assignee | Vijayendra Shinde [ ID10506 ] | Prasad Pise [ prasadp ] |
Khandu Kshirsagar (Inactive)
made changes -
| Item State | Parent values: LB QA(10201)Level 1 values: Ready for Stage(10213) | Parent values: Stage QA(10202)Level 1 values: Stage Deployed(11602) |
| Status | Local Testing [ 10200 ] | Stage Testing [ 10201 ] |
| Item State | Parent values: Stage QA(10202)Level 1 values: Stage Deployed(11602) | Parent values: Stage QA(10202)Level 1 values: In Testing(10214) |
| Assignee | Prasad Pise [ prasadp ] | Rakesh Roy [ rakeshr ] |
| Assignee | Rakesh Roy [ rakeshr ] | Priya Dhamande [ priya.dhamande ] |
| Item State | Parent values: Stage QA(10202)Level 1 values: In Testing(10214) | Parent values: Stage QA(10202)Level 1 values: Ready for Production(10217) |
| Assignee | Priya Dhamande [ priya.dhamande ] | Prasad Pise [ prasadp ] |
| Item State | Parent values: Stage QA(10202)Level 1 values: Ready for Production(10217) | Parent values: Production QA(10203)Level 1 values: Production Deployed(10221) |
| Status | Stage Testing [ 10201 ] | Production Testing [ 10202 ] |
| Resolution | Fixed [ 1 ] | |
| Status | Production Testing [ 10202 ] | Production Complete [ 10028 ] |
| Assignee | Prasad Pise [ prasadp ] | Rakesh Roy [ rakeshr ] |
| Item State | Parent values: Production QA(10203)Level 1 values: Production Deployed(10221) | Parent values: Production QA(10203)Level 1 values: In Testing(10218) |
| Item State | Parent values: Production QA(10203)Level 1 values: In Testing(10218) | Parent values: Production QA(10203) |
| Status | Production Complete [ 10028 ] | Closed [ 6 ] |
| Environment_New | Production [ 18442 ] |
| Link | This issue relates to DEV-13718 [ DEV-13718 ] |