Account Server 3.8 Release Notes

Summary

The following feature enhancements and bug fixes are covered in this update:

  • Admin tab on UI

  • Capture Re-Login

  • Cross Site Scripting (XSS) prevention has been added

  • Simplified Increff CAPTCHA

  • Unable to assign roles on Super Admin Panel

Enhancements

Key Features

Admin Tab on UI

  • An Admin tab is provided on the UI to view all users with Admin access.

Capture Re-Login

Issue

  • Account Server allows 1 login per user for an organization. If the user logs in on a different machine using the same credentials, the user gets logged out from the previous application.

  • We don’t have a way to capture this re-login behavior.

Solution

  • We have added a key, RE_LOGIN, to the audit, which can be used to provide information on such logouts.

 

 

Cross Site Scripting (XSS) prevention

XSS is a security vulnerability that allows an attacker to compromise the interactions that users have with the application by injecting malicious code into the browser. To prevent it, we have done the following:

  • Added Content Security Policy in the backend.

  • Specified domains for scripts and images to prevent loading of malicious scripts and images.

  • Removed inline JavaScript by moving it into separate script files that are attached to the respective HTML pages.

  • Updated the DataTables library to a build without pdfmake as a dependency, as it was not being used anywhere.

  • Replaced CDN CSS links with our static.increff.com links.
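
The checks below are an added example, not Increff's code: a small Python audit of a Content-Security-Policy header value for the properties listed above (restricted script and image sources, no inline script). Both sample policies are constructed; only static.increff.com comes from these notes, and the actual Account Server policy is not shown here.

```python
# Added example: audit a Content-Security-Policy header value.
# The two policies are constructed samples, not the Account Server's policy.
WEAK = "default-src *; script-src 'self' 'unsafe-inline' https:; img-src *"
STRICT = ("default-src 'self'; script-src 'self'; img-src 'self'; "
          "style-src https://static.increff.com")

def parse_csp(header):
    """Split a CSP header value into {directive: [source, ...]}."""
    policy = {}
    for part in header.split(";"):
        tokens = part.split()
        if not tokens:
            continue
        # A repeated directive is ignored by browsers, so keep the first one.
        policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy

def effective_sources(policy, directive):
    """Sources for a fetch directive, falling back to default-src."""
    return policy.get(directive, policy.get("default-src"))

def audit_csp(header):
    """Return a list of findings; an empty list means every check passed."""
    policy = parse_csp(header)
    findings = []
    for directive in ("script-src", "img-src", "style-src"):
        sources = effective_sources(policy, directive)
        if sources is None:
            findings.append(f"{directive}: unrestricted (no default-src fallback)")
            continue
        for src in sources:
            s = src.lower()
            # "*" or a bare scheme allows loading from any host.
            if s in ("*", "http:", "https:"):
                findings.append(f"{directive}: wildcard source {src}")
            # These keywords undo the benefit of removing inline JavaScript.
            if directive == "script-src" and s in ("'unsafe-inline'", "'unsafe-eval'"):
                findings.append(f"script-src: {src} re-enables inline/eval script")
    return findings

if __name__ == "__main__":
    for name, header in (("weak", WEAK), ("strict", STRICT)):
        print(name, audit_csp(header) or "no findings")
```
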

 

Simplified Increff CAPTCHA

  • We have reworked our in-house CAPTCHA to use just arithmetic expressions instead of case-sensitive alphanumeric values.

  • We have also created some images in dark-mode to increase readability of the content.

 

Bug Fixes

Unable to assign roles

  • Users weren’t able to assign roles to newly created users via the Account Server Superadmin Panel.

  • Users weren’t able to assign roles to any user when coming from the Organisations page in the Account Server Superadmin Panel.

 
