[WT-5688] [Secure Test] Request Details of Get URL for viewing Benefit Descriptions are having parameters as plain text and using same URL plan descriptions can be accessed across company. - Workterra Jira

Details

Type: Bug
Status: Closed
Priority: Medium
Resolution: Done
Affects Version/s: None
Fix Version/s: None
Component/s: None
Labels:
None

Environment:

Production
Module:
BenAdmin - Security
Reported by:
Harbinger
Item State:
Production QA

Description

[Secure Test] Request Details of Get URL for viewing Benefit Descriptions are having parameters as plain text and using same URL plan descriptions can be accessed across company.

Start Tamper Data plugin for viewing Request Details.

1. Login as Admin to Company 2.
2. Login as Employee to Company 1
3. Traverse Employee Self Serve mode to Enroll now plans like Medical,Dental,Vision etc.
4. Click on Benefit Description
5. Go to Tamper Data and check for the Request Details. Refer Screen Shots for details.
6. Copy the URL and paste it in the Admin user's session of company 2
7. Using same URL plan descriptions can be accessed across company.

Refer screenshots for details

Attachments

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

Attachments

AccessVisionPlanAcrossCompany-Step0.jpg
219 kB
24/Oct/16 12:37 PM
AccessVisionPlanAcrossCompany-Step1.jpg
256 kB
24/Oct/16 12:37 PM
AccessVisionPlanAcrossCompany-Step2.jpg
113 kB
24/Oct/16 12:37 PM
EmployeeSSM-1.jpg
490 kB
03/Nov/16 12:53 PM
TamperedEmployeeSSM-2.jpg
279 kB
03/Nov/16 12:53 PM

Activity

No work has yet been logged on this issue.

People

Assignee:: Rakesh Roy (Inactive)

Reporter:: Prasad Pise (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 24/Oct/16 12:38 PM

Updated:: 15/Dec/20 02:53 AM

Resolved:: 11/Nov/16 10:13 AM