Support #11221

[SCP ID :##5519##] : Security for invalid username in CDB

Added by Zahir Abd Latif about 4 years ago. Updated almost 4 years ago.

Status: Closed - End of life cycle
Start date: September 08, 2020
Priority: Normal
Due date:
Assignee: Nurul Athira Abdul Rahim
% Done: 90%
Category: -
Spent time: -
Target version: -

Description

Hi,
Kindly attend to the request below:

For security checking in CDB, an invalid username should not prompt 'Invalid username'. It should redirect to a random pass phrase.

security phrase 1.jpg (304 KB) Nurul Athira Abdul Rahim, September 08, 2020 18:52

security phrase 2.jpg (360 KB) Nurul Athira Abdul Rahim, September 08, 2020 18:52

security phrase 3.jpg (305 KB) Nurul Athira Abdul Rahim, September 08, 2020 18:52

History

#1 Updated by Nurul Athira Abdul Rahim about 4 years ago

  • Assignee changed from Nurul Athira Abdul Rahim to Najmi Pasarudin

#2 Updated by Najmi Pasarudin about 4 years ago

  • Status changed from New - Begin Life Cycle to Development / Work In Progress
  • % Done changed from 0 to 90

#3 Updated by Najmi Pasarudin about 4 years ago

  • Status changed from Development / Work In Progress to Internal Testing
  • Assignee changed from Najmi Pasarudin to Nurul Athira Abdul Rahim

Issue:
CDB login shows 'Invalid Username' if the username is wrong

Finding:
CDB login shows 'Invalid Username' based on BSN request during GO LIVE

Solution:
Update code so that CDB login will not show 'Invalid Username' if the username is wrong and will proceed to the Password page with a random pass phrase.
CDB will show 'Invalid Username or password' when the password is entered.

Test scenario:
  1. Prepare 3 random CDB usernames
  2. Test CDB login with the usernames
  3. Remember the pass phrase for each username
  4. The same pass phrase will be assigned for one username
  5. Re-test CDB login with the usernames
  6. Enter password
  7. Expected result: CDB login will allow a random username but will show 'Invalid Username or password' on the password page
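
The behaviour described in the solution and test scenario above (a stable pass phrase for any username, then one generic error at the password step), as an added example that is not part of the ticket or the CDB code base. The key, phrase list, user store and all function names are assumptions made for illustration.

```python
import hashlib
import hmac

# Everything below is assumed for illustration; none of it comes from the ticket.
DECOY_KEY = b"constructed-demo-key"      # server-side secret, constructed
PHRASES = ["blue harbor", "quiet maple", "silver kite", "amber field",
           "north lantern", "stone orchard", "paper comet", "green anchor"]
GENERIC_ERROR = "Invalid Username or password"  # message text from the ticket

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed user store: username -> (pass phrase, salt, password hash)
USERS = {"alice": ("silver kite", b"salt-alice",
                   hash_password("correct horse", b"salt-alice"))}
# Dummy credentials so an unknown username costs the same hashing work
DUMMY_SALT = b"salt-dummy"
DUMMY_HASH = hash_password("unused", DUMMY_SALT)

def normalize(username: str) -> str:
    return username.strip().lower()

def pass_phrase_for(username: str) -> str:
    """Username step: always return a phrase, never 'Invalid username'."""
    name = normalize(username)
    record = USERS.get(name)
    if record is not None:
        return record[0]
    # Keyed hash of the username: the same unknown name always maps to the
    # same decoy phrase, and the mapping cannot be recomputed without the key.
    digest = hmac.new(DECOY_KEY, name.encode(), hashlib.sha256).digest()
    return PHRASES[int.from_bytes(digest[:4], "big") % len(PHRASES)]

def check_password(username: str, password: str) -> str:
    """Password step: unknown user and wrong password give one message."""
    record = USERS.get(normalize(username))
    salt, stored = (record[1], record[2]) if record else (DUMMY_SALT, DUMMY_HASH)
    matches = hmac.compare_digest(hash_password(password, salt), stored)
    return "OK" if (record is not None and matches) else GENERIC_ERROR
```

Decoy phrases hide account existence only if they come from the same pool and format as real users' phrases, and only while the key stays fixed so that a username does not change phrase between visits.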

#4 Updated by Nurul Athira Abdul Rahim about 4 years ago

Tested and file

#5 Updated by Nurul Athira Abdul Rahim about 4 years ago

  • Status changed from System Integration Test to Pending Review

#6 Updated by Nurul Athira Abdul Rahim almost 4 years ago

  • Status changed from Pending Review to Closed - End of life cycle

Migration ID ID0016
