-
Type:
Bug
-
Status: Closed
-
Priority:
Medium
-
Resolution: Done
-
Affects Version/s: None
-
Fix Version/s: None
-
Component/s: None
-
Labels:None
-
Environment:Production
-
Module:BenAdmin - Security
-
Reported by:Harbinger
-
Item State:Production QA
[Secure Test] Request Details of Get URL for viewing Benefit Descriptions are having parameters as plain text and using same URL plan descriptions can be accessed across company.
Start Tamper Data plugin for viewing Request Details.
1. Login as Admin to Company 2.
2. Login as Employee to Company 1
3. Traverse Employee Self Serve mode to Enroll now plans like Medical,Dental,Vision etc.
4. Click on Benefit Description
5. Go to Tamper Data and check for the Request Details. Refer Screen Shots for details.
6. Copy the URL and paste it in the Admin user's session of company 2
7. Using same URL plan descriptions can be accessed across company.
Refer screenshots for details
| Transition | Time In Source Status | Execution Times |
|---|
|
7d 18h 13m | 1 |
|
8s | 1 |
|
10h 17m | 1 |
|
5d 18h 26m | 2 |
|
1d 22h 59m | 1 |
|
2d 17m | 1 |
|
21m 15s | 1 |
|
1h 17m | 1 |