Support #11071

[SCP ID :##5446##] : PCI DSS Finding: Jquery Vulnerablity and Beast attack enable

Added by Nurul Akmal about 4 years ago. Updated about 3 years ago.

Status:Work Completed-End life cycleStart date:August 19, 2020
Priority:NormalDue date:
Assignee:Zahir Abd Latif% Done:

100%

Category:-Spent time:-
Target version:-

Description

Hi Athira,
Kindly attend below request.

Kindly refer to attached report.

Thank you.

DOC290520.pdf (3.93 MB) Nurul Akmal, August 03, 2020 12:59

click check degit at add fav ibg.jpg (290 KB) Nurul Athira Abdul Rahim, August 04, 2020 17:28

click check degit at add fav ibg-1.jpg (212 KB) Nurul Athira Abdul Rahim, August 04, 2020 17:28

add fav bill payment error.jpg (370 KB) Nurul Athira Abdul Rahim, August 05, 2020 12:14

add favourite jompay not carry data.jpg (237 KB) Nurul Athira Abdul Rahim, August 05, 2020 12:14

check duplicate acc error.jpg (221 KB) Nurul Athira Abdul Rahim, August 05, 2020 12:14

clear buton no function at bp-upload.jpg (441 KB) Nurul Athira Abdul Rahim, August 05, 2020 12:14

save ibg file.jpg (622 KB) Nurul Athira Abdul Rahim, August 05, 2020 12:14

ibg file.jpg (128 KB) Nurul Athira Abdul Rahim, August 05, 2020 12:14

BULK_PAYMENT_050820110751s.data.txt Magnifier (575 Bytes) Nurul Athira Abdul Rahim, August 05, 2020 12:14

ibg error.jpg (375 KB) Nurul Athira Abdul Rahim, August 05, 2020 12:14

message box_sent item_list of recipient.jpg (446 KB) Nurul Athira Abdul Rahim, August 11, 2020 18:34

pagination position.jpg (536 KB) Nurul Athira Abdul Rahim, August 13, 2020 18:19

Subtasks

Support #11147: [11071] Beast attack enableClosed - End of life cycleNurul Athira Abdul Rahim

History

#1 Updated by Nurul Athira Abdul Rahim about 4 years ago

  • Assignee changed from Nurul Athira Abdul Rahim to Najmi Pasarudin

#2 Updated by Najmi Pasarudin about 4 years ago

  • Status changed from New - Begin Life Cycle to Internal Testing
  • Assignee changed from Najmi Pasarudin to Nurul Athira Abdul Rahim
  • % Done changed from 0 to 90

Updated IBAM and CDB SIT with jquery 3.4.
Please test.

#3 Updated by Nurul Athira Abdul Rahim about 4 years ago

Erni testing on - IE and Firefox

Athira - Chrome and Safari

#4 Updated by Nurul Athira Abdul Rahim about 4 years ago

Chrome

Found error at :

Add fav ibg

Step :
1. Click check degit
-2. System display (Refer attachment)-

TESTED and PASSED

Bill Payment - Add Favourite

Step :
1. Create new fav bill payment
2. Click "Next"

Result :
--System not display challenge response number
Once scan and insert the cr code, system diplay "Unknown Error" (Refer attachment)

TESTED and PASSED

Add Favourite Jompay

Step :
1. Create new jompay payment
2. Add to favourite

Result : System not carry the inserted data at add to favourite screen
expected : System should carry biller code, ref 1 and ref 2

TESTED and PASSED

Bulk Payment > Check duplicate acc no

Step :
1. Create new bulk payment file
2. Click "Check duplicate acc no"
3. System display error (Refer attachment)

TESTED and PASSED

Bulk payment - upload

Clear button not function

TESTED and PASSED

Bulk Payment - IBG

Create IBG file but system save file as bulk payment file

Step
1. Create data entry - IBG (Success till result) (Refer attachment)
2. Upload file (Using save IBG file before)

Result : System throw error invalid trasaction lenght (refer attachment)
Expected : System should accept the file

Bulk Payment > Upload File

Bulk Payment > Edit Data

No error message display when select random file

Step :
1. insert required field
2. select invalid file
3. click upload

result : System refresh the screen without display any error message
expected : System display error message "Invalid file type"

TESTED and PASSED

Auto Debit > Upload File

Clear button no function

TESTED and PASSED

#5 Updated by Nurul Athira Abdul Rahim about 4 years ago

#6 Updated by Nurul Athira Abdul Rahim about 4 years ago

  • Assignee changed from Najmi Pasarudin to Nurul Hasnieza Bt Mohd Zamri

#7 Updated by Nurul Athira Abdul Rahim about 4 years ago

Chrome

EPF > Upload File

EPF > Edit Data

No error message display

Step :
1. insert required field
2. select invalid file
3. click upload

result : System refresh the screen without display any error message
expected : System display error message "Invalid file type"

TESTED and PASSED

--*EPF > Upload file*-

Clear button not function-

Step :
1. Insert required field
2. Click clear button

Result : No responses from system
Expected : System reset all field

TESTED and PASSED

#8 Updated by Najmi Pasarudin about 4 years ago

Najmi:
Fixed Bulk Payment Data Entry save file for File Upload.
Fixed issue ibg error.jpg

#9 Updated by Nurul Hasnieza Bt Mohd Zamri about 4 years ago

  • Status changed from Development / Work In Progress to Finished Development

#10 Updated by Nurul Hasnieza Bt Mohd Zamri about 4 years ago

  • Status changed from Finished Development to Internal Testing
  • Assignee changed from Nurul Hasnieza Bt Mohd Zamri to Nurul Athira Abdul Rahim

Hi Athira,
the issues have been fixed. Kindly retest. Thank you.

#11 Updated by Nurul Athira Abdul Rahim about 4 years ago

  • File message box_sent item_list of recipient.jpg added
  • Status changed from Internal Testing to Development / Work In Progress
  • Assignee changed from Nurul Athira Abdul Rahim to Nurul Hasnieza Bt Mohd Zamri
  • % Done changed from 90 to 80

IBAM

Path : Message Box > Sent Item > List of Recipient

"Next and previous" link not at the right position. (Refer Attachment)

#12 Updated by Nurul Hasnieza Bt Mohd Zamri about 4 years ago

  • Status changed from Development / Work In Progress to Finished Development

#13 Updated by Nurul Athira Abdul Rahim about 4 years ago

Admin User MAnager > Listing

Kindly fix the position of the screen pagination

#14 Updated by Nurul Hasnieza Bt Mohd Zamri about 4 years ago

  • Status changed from Finished Development to Internal Testing
  • Assignee changed from Nurul Hasnieza Bt Mohd Zamri to Nurul Athira Abdul Rahim

Hi Athira,
the issues have been fixed. Kindly retest.

#15 Updated by Nurul Athira Abdul Rahim about 4 years ago

  • Status changed from Internal Testing to System Integration Test

Tested and passed for :
Chrome
Mozila
Safari
IE

#16 Updated by Nurul Athira Abdul Rahim about 4 years ago

  • Status changed from System Integration Test to User Acceptance Test
  • Assignee changed from Nurul Athira Abdul Rahim to Najmi Pasarudin

Tested and passed by Azyan on 17/08/20

#17 Updated by Najmi Pasarudin about 4 years ago

  • Assignee changed from Najmi Pasarudin to Nurul Athira Abdul Rahim

Deployed UAT on 18/08/2020

#18 Updated by Nurul Athira Abdul Rahim about 4 years ago

  • Status changed from User Acceptance Test to Pending Prod Deployment

#19 Updated by Nurul Athira Abdul Rahim about 4 years ago

Tested and passed by UAT team

#20 Updated by Najmi Pasarudin about 4 years ago

  • Status changed from Pending Prod Deployment to Pending Review

Deployed Production on 19/08/2020

#21 Updated by Nurul Athira Abdul Rahim almost 4 years ago

  • Status changed from Pending Review to Work Completed-End life cycle
  • Assignee changed from Nurul Athira Abdul Rahim to Zahir Abd Latif

Also available in: Atom PDF