Activity
From March 01, 2022 to March 30, 2022
March 25, 2022
- 16:37 1. CDB_Phase 2 & 3 Development Bug #12381 (Development / Work In Progress): DuitNow - Arrangement of Mobile details receipt shou...
- Issue is triggered when getting unordered set of value request from mobile.
Suspected occur during mfp which is con...
- 16:36 1. CDB_Phase 2 & 3 Development Bug #12382 (Development / Work In Progress): Financing - Update mobile receipt to display same as...
- Issue is triggered when getting unordered set of value request from mobile.
Suspected occur during mfp which is con...
- 16:34 1. CDB_Phase 2 & 3 Development Bug #12383 (Development / Work In Progress): Corporate Card - Update mobile receipt to display sa...
- Issue is triggered when getting unordered set of value request from mobile.
Suspected occur during mfp which is con...
March 24, 2022
- 15:18 1. CDB_Phase 2 & 3 Development Bug #12388 (System Integration Test): DuitNow - "null" is displayed in Verifier Receipt when init...
- 15:18 1. CDB_Phase 2 & 3 Development Bug #12388: DuitNow - "null" is displayed in Verifier Receipt when initiate from Mobile
- Tested & passed
- 14:52 1. CDB_Phase 2 & 3 Development Bug #12388 (Internal Testing): DuitNow - "null" is displayed in Verifier Receipt when initiate fr...
- Please test SIT build 266 version 3.2.10 for VPN Penril, and SIT build 267 for Internal BSN
March 23, 2022
- 14:16 1. CDB_Phase 2 & 3 Development Task #11675 (Work Completed-End life cycle): WEB - Credit Card
- tested & passed
- 14:15 1. CDB_Phase 2 & 3 Development Task #12053 (Work Completed-End life cycle): RFP 1.1.4 - Financing- Web development
- tested & passed
- 14:13 1. CDB_Phase 2 & 3 Development Bug #12183 (System Integration Test): Financing - Receipt not display Transfer Mode for Mobile
- 14:12 1. CDB_Phase 2 & 3 Development Bug #12385 (System Integration Test): IBG - "null" is displayed in Verifier Receipt when initiate...
- 14:12 1. CDB_Phase 2 & 3 Development Bug #12385: IBG - "null" is displayed in Verifier Receipt when initiate from Mobile
- Tested & passed
- 14:10 1. CDB_Phase 2 & 3 Development Bug #12812 (System Integration Test): Rentas_Android - Receipt Title is wrongly displayed for Fav...
- 14:10 1. CDB_Phase 2 & 3 Development Bug #12812: Rentas_Android - Receipt Title is wrongly displayed for Favourite Popup IBG to Rentas...
- Tested & passed
- 13:27 1. CDB_Phase 2 & 3 Development Bug #12385 (Internal Testing): IBG - "null" is displayed in Verifier Receipt when initiate from M...
- Hi Syahira,
kindly refer to the link below for SIT apk.
https://drive.google.com/file/d/1M2M5pgrXcdubKV7MsJm4uJ...
- 13:25 1. CDB_Phase 2 & 3 Development Bug #12388: DuitNow - "null" is displayed in Verifier Receipt when initiate from Mobile
- Hi Syahira,
kindly refer to the link below for the Android SIT apk.
https://drive.google.com/file/d/1M2M5pgrXc...
- 13:23 1. CDB_Phase 2 & 3 Development Bug #12812 (Internal Testing): Rentas_Android - Receipt Title is wrongly displayed for Favourite ...
- Hi Syahira,
kindly refer to the link below for SIT apk.
https://drive.google.com/file/d/1M2M5pgrXcdubKV7MsJm4u...
March 22, 2022
- 16:32 1. CDB_Phase 2 & 3 Development Bug #12388 (Development / Work In Progress): DuitNow - "null" is displayed in Verifier Receipt wh...
- Beneficiary ID type & Account Holder Name need android code to update request parameter.
Account Holder Name needs i...
- 09:52 1. CDB_Phase 2 & 3 Development Bug #12183: Financing - Receipt not display Transfer Mode for Mobile
- Tested & passed
- 09:23 1. CDB_Phase 2 & 3 Development Bug #12812 (Development / Work In Progress): Rentas_Android - Receipt Title is wrongly displayed ...
March 21, 2022
- 18:32 1. CDB_Phase 2 & 3 Development Bug #12385 (Development / Work In Progress): IBG - "null" is displayed in Verifier Receipt when i...
- Done fix display Transfer Mode. Beneficiary ID type needs android code to update request parameter.
IOS already okay.
- 18:09 1. CDB_Phase 2 & 3 Development Bug #12183 (Internal Testing): Financing - Receipt not display Transfer Mode for Mobile
- SIT Restful deploy on 21/03/2022. Kindly retest.
- 16:53 1. CDB_Phase 2 & 3 Development Bug #12812: Rentas_Android - Receipt Title is wrongly displayed for Favourite Popup IBG to Rentas...
- After checking, the issue only found in android. Assign to Aina to check on android coding.
March 18, 2022
- 12:30 Task #12582 (System Integration Test): Pentest_CDB - OTP Does Not Expire [LOW]
- 11:37 Task #12582: Pentest_CDB - OTP Does Not Expire [LOW]
- Tested & passed:
1. Approver & Single User IOS – After OTP timeout, cannot login to Web
2. Approver & Single User A...
- 10:51 Task #12582 (Internal Testing): Pentest_CDB - OTP Does Not Expire [LOW]
- Issue:
Mobile screen show OTP timeout is 1 minute but actual timeout at upass server is 5 minutes.
Finding:
The ...
- 09:32 Task #12582: Pentest_CDB - OTP Does Not Expire [LOW]
- Got update from Mr.Lee.
Working on updating the OTP parameter in Upass.
- 09:32 Task #12581: Pentest_CDB - Usable Previously Requested OTP [LOW]
- Got update from Mr.Lee.
Working on updating the OTP parameter in Upass.
- 09:31 Task #12582 (Development / Work In Progress): Pentest_CDB - OTP Does Not Expire [LOW]
March 17, 2022
- 11:34 1. CDB_Phase 2 & 3 Development Bug #12866 (Internal Testing): BSNeBiz Navigation - Set Zakat to offline
- Issue:
System off the module at BSNeBiz Navigation but displays different offline message
Cause:
Because the mai...
March 16, 2022
- 14:53 Task #12581: Pentest_CDB - Usable Previously Requested OTP [LOW]
- Based on Adit's feedback, the OTP library provided by Mr.Lee has 5 minutes buffer.
Currently unable to update due to...
- 14:51 Task #12582 (System Integration Test): Pentest_CDB - OTP Does Not Expire [LOW]
- Based on Adit's feedback, the OTP library provided by Mr.Lee has 5 minutes buffer.
Currently unable to update due to...
- 14:37 1. CDB_Phase 2 & 3 Development Bug #12382: Financing - Update mobile receipt to display same as web
- Hi Hasnieza, please help with this task.
- 14:37 1. CDB_Phase 2 & 3 Development Bug #12812: Rentas_Android - Receipt Title is wrongly displayed for Favourite Popup IBG to Rentas...
- Hi Hasnieza, please help with this task.
- 14:37 1. CDB_Phase 2 & 3 Development Bug #12388: DuitNow - "null" is displayed in Verifier Receipt when initiate from Mobile
- Hi Hasnieza, please help with this task.
- 14:37 1. CDB_Phase 2 & 3 Development Bug #12385: IBG - "null" is displayed in Verifier Receipt when initiate from Mobile
- Hi Hasnieza, please help with this task.
- 14:36 1. CDB_Phase 2 & 3 Development Bug #12381: DuitNow - Arrangement of Mobile details receipt should follow Web receipt
- Hi Hasnieza, please help with this task.
- 14:36 1. CDB_Phase 2 & 3 Development Bug #12183: Financing - Receipt not display Transfer Mode for Mobile
- Hi Hasnieza, please help with this task.
- 14:25 1. CDB_Phase 2 & 3 Development Bug #12866 (Development / Work In Progress): BSNeBiz Navigation - Set Zakat to offline
- 14:18 1. CDB_Phase 2 & 3 Development Bug #12866 (Internal Testing): BSNeBiz Navigation - Set Zakat to offline
- Test Scenario :
Set Zakat to offline and add offline message at BSNeBiz Navigation
Test Step :
1. Access to ...
- 12:03 Task #12583 (Pending Review): Pentest_CDB - No Client-Side Session Timeout [LOW]
- Production deployed on 4/3/2022
- 12:01 Task #12593 (System Integration Test): Pentest_CDB - Arbitrary Host Header Accepted [INFO]
- CF:Configuration between IBM HTTP Server(Web Server) and IBM WebSphere Application Server(App Server) are using hosts...
- 12:00 Task #12592 (System Integration Test): Pentest_CDB - TLS/SSL Server Supports The Use of Static Ke...
- CF:Listed TLS were used by IBM WAS Application and default supported TLS encryption under strong cipher suite groups s...
- 11:59 Task #12590 (System Integration Test): Pentest_CDB - Diffie-Hellman Group Smaller Than 2048 Bits ...
- CF:Listed TLS were used by IBM WAS Application and default supported TLS encryption under strong cipher suite groups s...
- 11:59 Task #12589 (System Integration Test): Pentest_CDB - [POTENTIAL] TLS/SSL Timing Side-Channel Atta...
- CF:Staging server are unable to perform OS /yum update due to limited license
- 11:58 Task #12584 (System Integration Test): Pentest_CDB - Missing "Content-Security-Policy" Header [LOW]
- LGMS team tested in application url instead of web url.
Fixes already applied to staging and production web server.
- 11:58 Task #12586 (System Integration Test): Pentest_CDB - Missing "X-Content-Type-Options" Header [LOW]
- LGMS team tested in application url instead of web url.
Fixes already applied to staging and production web server.
- 11:58 Task #12587 (System Integration Test): Pentest_CDB - Missing "X-Frame-Options" Header [LOW]
- LGMS team tested in application url instead of web url.
Fixes already applied to staging and production web server.
- 11:58 Task #12588 (System Integration Test): Pentest_CDB - Missing HTTP "Strict-Transport-Security" Hea...
- LGMS team tested in application url instead of web url.
Fixes already applied to staging and production web server.
- 11:57 Task #12579 (System Integration Test): Pentest_CDB - Username Enumeration [LOW]
- Not an issue.
CDB has 2 login page, with and without OTP, depending on user type.
Login with OTP:
Single user
...
- 11:53 Task #12577 (System Integration Test): Pentest_CDB - Insecure Direct Object Reference (IDOR) [MED]
- LGMS marked as solved
- 11:51 Task #12576 (System Integration Test): Pentest_CDB - Using Components with Known Vulnerabilities ...
- SIT updated on 16/3/2022
ckeditor removed
JasperReport upgraded to version 6.19.0
iText 2.1.7.js9 is JasperRep...
- 11:38 Task #12574 (System Integration Test): Pentest_IBAM - Arbitrary Host Header Accepted [INFO]
- CF:
Configuration between IBM HTTP Server(Web Server) and IBM WebSphere Application Server(App Server) are using hos...
- 11:33 Task #12573 (System Integration Test): Pentest_IBAM - TLS/SSL Server Supports The Use of Static K...
- LGMS solution not possible based on CF comment.
CF:
Listed TLS were used by IBM WAS Application and default suppo...
- 11:32 Task #12571 (System Integration Test): Pentest_IBAM - Diffie-Hellman Group Smaller Than 2048 Bits...
- LGMS solution not possible based on CF comment.
CF:
Listed TLS were used by IBM WAS Application and default suppo...
- 11:30 Task #12570 (System Integration Test): Pentest_IBAM - [POTENTIAL] TLS/SSL Timing Side-Channel Att...
- Unable to apply fix to staging server due to limited license.
- 11:29 Task #12569 (Pending SIT Deployment): Pentest_IBAM - Reflected Cross-Site Scripting (XSS) [LOW]
- Previous fix was wrong.
SIT deployed on 16/3/2022
- 11:19 Task #12568 (System Integration Test): Pentest_IBAM - Insecure Direct Object Reference (IDOR) [LOW]
- Previous fix was wrong.
SIT deployed on 16/3/2022
- 10:26 Task #12564 (Pending Review): Pentest_IBAM - Multiple Concurrent Session Allowed [LOW]
- Production is already set as single sign-on.
UAT updated sso on 16/3/2022
- 10:25 Task #12560 (Pending Review): Pentest_IBAM - Missing "Content-Security-Policy" Header [LOW]
- LGMS team tested in application url instead of web url.
Fixes already applied to staging and production web server.
- 10:25 Task #12562 (Pending Review): Pentest_IBAM - Missing "X-Frame-Options" Header [LOW]
- LGMS team tested in application url instead of web url.
Fixes already applied to staging and production web server.
- 10:25 Task #12561 (Pending Review): Pentest_IBAM - Missing "X-Content-Type-Options" Header [LOW]
- LGMS team tested in application url instead of web url.
Fixes already applied to staging and production web server.
- 10:24 Task #12563 (Pending Review): Pentest_IBAM - Missing HTTP "Strict-Transport-Security" Header [LOW]
- LGMS team tested in application url instead of web url.
Fixes already applied to staging and production web server.
- 10:23 Task #12559 (System Integration Test): Pentest_IBAM - Username Enumeration [LOW]
- Previous fix is wrong.
SIT/UAT deployed on 16/3/2022
- 10:22 Task #12557 (Pending Review): Pentest_IBAM - TLS Cookie Without Secure Flag Set [MED]
- The LGMS solution cannot apply to Staging application server.
In production the issue is handled by web server.
- 10:19 Task #12566 (Pending Review): Pentest_IBAM - No Client-Side Session Timeout [LOW]
- Production deployed on 4/3/2022
- 10:18 Task #12558 (Pending Review): Pentest_IBAM - Using Components with Known Vulnerabilities [MED]
- Production deployed on 4/3/2022
- 10:17 Task #12555 (Pending Review): Pentest_IBAM - SQL Injection [HIGH]
- Production deployed on 4/3/2022
March 14, 2022
- 12:54 Task #12593 (Development / Work In Progress): Pentest_CDB - Arbitrary Host Header Accepted [INFO]
- Kindly review the fixes, as the new pentest (March,9,20202) result status stated "not solved".
- 12:54 Task #12592 (Development / Work In Progress): Pentest_CDB - TLS/SSL Server Supports The Use of St...
- Kindly review the fixes, as the new pentest (March,9,20202) result status stated "not solved".
- 12:54 Task #12590 (Development / Work In Progress): Pentest_CDB - Diffie-Hellman Group Smaller Than 204...
- Kindly review the fixes, as the new pentest (March,9,20202) result status stated "not solved".
- 12:54 Task #12589 (Development / Work In Progress): Pentest_CDB - [POTENTIAL] TLS/SSL Timing Side-Chann...
- Kindly review the fixes, as the new pentest (March,9,20202) result status stated "not solved".
- 12:54 Task #12588 (Development / Work In Progress): Pentest_CDB - Missing HTTP "Strict-Transport-Securi...
- Kindly review the fixes, as the new pentest (March,9,20202) result status stated "not solved".
- 12:53 Task #12587 (Development / Work In Progress): Pentest_CDB - Missing "X-Frame-Options" Header [LOW]
- Kindly review the fixes, as the new pentest (March,9,20202) result status stated "not solved".
- 12:53 Task #12586 (Development / Work In Progress): Pentest_CDB - Missing "X-Content-Type-Options" Head...
- Kindly review the fixes, as the new pentest (March,9,20202) result status stated "not solved".
- 12:53 Task #12584 (Development / Work In Progress): Pentest_CDB - Missing "Content-Security-Policy" Hea...
- Kindly review the fixes, as the new pentest (March,9,20202) result status stated "not solved".
- 12:53 Task #12582 (Development / Work In Progress): Pentest_CDB - OTP Does Not Expire [LOW]
- Kindly review the fixes, as the new pentest (March,9,20202) result status stated "not solved".
- 12:52 Task #12581 (Development / Work In Progress): Pentest_CDB - Usable Previously Requested OTP [LOW]
- Kindly review the fixes, as the new pentest (March,9,20202) result status stated "not solved".
- 12:52 Task #12580 (Development / Work In Progress): Pentest_CDB - [POTENTIAL] Malicious File Upload [LOW]
- Kindly review the fixes, as the new pentest (March,9,20202) result status stated "not solved".
- 12:52 Task #12579 (Development / Work In Progress): Pentest_CDB - Username Enumeration [LOW]
- Kindly review the fixes, as the new pentest (March,9,20202) result status stated "not solved".
- 12:50 Task #12578 (Development / Work In Progress): Pentest_CDB - TLS Cookie Without Secure Flag Set [MED]
- Kindly review the fixes, as the new pentest (March,9,20202) result status stated "not solved".
- 12:49 Task #12577 (Development / Work In Progress): Pentest_CDB - Insecure Direct Object Reference (IDO...
- 'Solved
bootstrap 4.1.1
Not Solved
ckeditor 4.16.0
iText 2.1.7
JasperReports 6.6.0
Kindly review the fixe...
- 12:48 Task #12575: Pentest_IBAM - HTTP TRACE Method Enabled [INFO]
- Kindly review the fixes, as the new pentest (March,9,20202) result status stated "not solved".
- 12:48 Task #12574 (Development / Work In Progress): Pentest_IBAM - Arbitrary Host Header Accepted [INFO]
- Kindly review the fixes, as the new pentest (March,9,20202) result status stated "not solved".
- 12:47 Task #12573 (Development / Work In Progress): Pentest_IBAM - TLS/SSL Server Supports The Use of S...
- Kindly review the fixes, as the new pentest (March,9,20202) result status stated "not solved".
- 12:47 Task #12571 (Development / Work In Progress): Pentest_IBAM - Diffie-Hellman Group Smaller Than 20...
- Kindly review the fixes, as the new pentest (March,9,20202) result status stated "not solved".
- 12:47 Task #12570 (Development / Work In Progress): Pentest_IBAM - [POTENTIAL] TLS/SSL Timing Side-Chan...
- Kindly review the fixes, as the new pentest (March,9,20202) result status stated "not solved".
- 12:46 Task #12569 (Development / Work In Progress): Pentest_IBAM - Reflected Cross-Site Scripting (XSS)...
- Kindly review the fixes, as the new pentest (March,9,20202) result status stated "not solved".
- 12:46 Task #12568 (Development / Work In Progress): Pentest_IBAM - Insecure Direct Object Reference (ID...
- Kindly review the fixes, as the new pentest (March,9,20202) result status stated "not solved".
- 12:44 Task #12564 (Development / Work In Progress): Pentest_IBAM - Multiple Concurrent Session Allowed ...
- Kindly review the fixes, as the new pentest (March,9,20202) result status stated "not solved".
- 12:44 Task #12563 (Development / Work In Progress): Pentest_IBAM - Missing HTTP "Strict-Transport-Secur...
- Kindly review the fixes, as the new pentest (March,9,20202) result status stated "not solved".
- 12:43 Task #12561 (Development / Work In Progress): Pentest_IBAM - Missing "X-Content-Type-Options" Hea...
- Kindly review the fixes, as the new pentest (March,9,20202) result status stated "not solved".
- 12:43 Task #12562 (Development / Work In Progress): Pentest_IBAM - Missing "X-Frame-Options" Header [LOW]
- Kindly review the fixes, as the new pentest (March,9,20202) result status stated "not solved".
- 12:42 Task #12560 (Development / Work In Progress): Pentest_IBAM - Missing "Content-Security-Policy" He...
- Kindly review the fixes, as the new pentest (March,9,20202) result status stated "not solved".
- 12:42 Task #12559 (Development / Work In Progress): Pentest_IBAM - Username Enumeration [LOW]
- Kindly review the fixes, as the new pentest (March,9,20202) result status stated "not solved".
- 12:41 Task #12557 (Internal Testing): Pentest_IBAM - TLS Cookie Without Secure Flag Set [MED]
- Kindly review the fixes, as the new pentest (March,9,20202) result status stated "not solved".
March 10, 2022
- 01:00 1. CDB_Phase 2 & 3 Development Bug #12854 (Internal Testing): Service Info - Set Zakat to offline
- Hi Athira,
I will tell Najmi to help deploying and after that the testing can go on.
Thank you.
--
Issue:
...
- 15:49 1. CDB_Phase 2 & 3 Development Bug #12854 (Development / Work In Progress): Service Info - Set Zakat to offline
- 15:32 1. CDB_Phase 2 & 3 Development Bug #12854 (Internal Testing): Service Info - Set Zakat to offline
- Test Scenario :
Set Zakat to offline and add offline message.
Test Step :
1. Access to Service Info > zaka...
- 15:29 1. CDB_Phase 2 & 3 Development Task #12732 (Work Completed-End life cycle): ZAKAT - Test Script
- https://hub.penril.net/share/page/site/bsn/document-details?nodeRef=workspace://SpacesStore/f2f91580-a165-4896-90ec-9...
March 03, 2022
- 10:50 Task #12583 (Pending Prod Deployment): Pentest_CDB - No Client-Side Session Timeout [LOW]
- 10:45 Task #12577 (Pending Prod Deployment): Pentest_CDB - Insecure Direct Object Reference (IDOR) [MED]
- 10:37 Task #12568 (Pending Prod Deployment): Pentest_IBAM - Insecure Direct Object Reference (IDOR) [LOW]
- 10:02 Task #12566 (Pending Prod Deployment): Pentest_IBAM - No Client-Side Session Timeout [LOW]
- 10:01 Task #12559 (Pending Prod Deployment): Pentest_IBAM - Username Enumeration [LOW]
- 09:58 Task #12558 (Pending Prod Deployment): Pentest_IBAM - Using Components with Known Vulnerabilities...
- 09:52 Task #12555 (Pending Prod Deployment): Pentest_IBAM - SQL Injection [HIGH]
- 09:52 Task #12576 (Pending Prod Deployment): Pentest_CDB - Using Components with Known Vulnerabilities ...
March 02, 2022
- 14:14 1. CDB_Phase 2 & 3 Development Feature #12339 (Work Completed-End life cycle): SOCSO - Agent File Report update
- Tested and passed
- 14:14 1. CDB_Phase 2 & 3 Development Feature #12275 (Work Completed-End life cycle): SOCSO - To add transaction type at receipt
- Tested and passed
- 14:14 1. CDB_Phase 2 & 3 Development Task #12279 (Work Completed-End life cycle): SOCSO - Recent activity and verifier and approver
- Tested and passed