Support #11221
[SCP ID :##5519##] : Security for invalid username in CDB
Status: | Closed - End of life cycle | Start date: | September 08, 2020 | ||
---|---|---|---|---|---|
Priority: | Normal | Due date: | |||
Assignee: | Nurul Athira Abdul Rahim | % Done: | 90% | ||
Category: | - | Spent time: | - | ||
Target version: | - |
Description
Hi,
Kindly attend below request:-
For security checking in CDB, invalid username should not prompt 'Invalid username'. It should redirect to random pass phrase.
History
#1 Updated by Nurul Athira Abdul Rahim about 4 years ago
- Assignee changed from Nurul Athira Abdul Rahim to Najmi Pasarudin
#2 Updated by Najmi Pasarudin about 4 years ago
- Status changed from New - Begin Life Cycle to Development / Work In Progress
- % Done changed from 0 to 90
#3 Updated by Najmi Pasarudin about 4 years ago
- Status changed from Development / Work In Progress to Internal Testing
- Assignee changed from Najmi Pasarudin to Nurul Athira Abdul Rahim
Issue:
CDB login show 'Invalid Username' if wrong username
Finding:
CDB login shows 'Invalid Username' based on BSN request during GO LIVE
Solution:
Update code so that CDB login will not show 'Invalid Username' if wrong username and will proceed to Password page with random pass phrase.
CDB will shows 'Invalid Username or password' when enter password.
- Prepare 3 random CDB usernames
- Test CDB login with the usernames
- Remember the pass phrase for each usernames
- The same pass phrase will be assigned for one username
- Re-test CDB login with the usernames
- Enter password
- Expected result, CDB login will allow random username but will show 'Invalid Username or password' on password page
#4 Updated by Nurul Athira Abdul Rahim about 4 years ago
- File security phrase 1.jpg added
- File security phrase 2.jpg added
- File security phrase 3.jpg added
- Status changed from Internal Testing to System Integration Test
Tested and file
#5 Updated by Nurul Athira Abdul Rahim about 4 years ago
- Status changed from System Integration Test to Pending Review
#6 Updated by Nurul Athira Abdul Rahim almost 4 years ago
- Status changed from Pending Review to Closed - End of life cycle
Migration ID ID0016