There is a problem with Encrypted Text fields when two users are on the same record page and live form is on.
For example:
If user A updates record XYZ, user B, who is also looking at record XYZ, will see the update from user A. However, the value user B sees contains encryption characters.
If user B saves the form, the encrypted characters will be saved in the database. At this point, the value won't make sense anymore because of the encryption characters.

Steps to Reproduce

1- As maint, navigate to System Security > Field Encryption > Encryption Contexts
2- Click the button New.
3- Enter
- Name = TestSNC
3.a- Save the record
PART 2: Create an Encrypted Text field on Incident table
4- Navigate to an incident form
5- Right click on the header and select Configure > Form Layout
6- Under the section "Create new field" enter:
- Name = EncryptTest
- Database column name = encrypttest
- Type = Encrypted Text
7- Click Add, then click save
PART 3: Allow ITIL users to see the Encrypted field
8- Navigate to System Security > Users and Groups > Roles
9- Find the ITIL role and open it.
10- Right click on the header, select Configure > Form Layout, then add the field "Encryption context [+]" to the form.
11- On the field 'Encryption context' add testSNC (from step 3)
12- Save the record.
PART 4: Reproducing the issue. (You need to log in; impersonation won't work)
13- Log in as ITIL user 1 in Browser 1 and go to Incident INC0010005
14- Log in as ITIL user 2 in Browser 2 and go to Incident INC0010005
15- ITIL user 1 enters 'abc' in the testSNC field and saves the record.
16- ITIL user 2 sees a value that looks something like this: "﷠﷡﷢d8c862b7db525300c5a2f23aaf961941﷌﷍5K0bwpF3j/+FenYoTlY3uA==﷎﷏"
17- If user 2 saves the form, this value will be saved permanently as the testSNC value: "﷠﷡﷢d8c862b7db525300c5a2f23aaf961941﷌﷍5K0bwpF3j/+FenYoTlY3uA==﷎﷏"
18- If user 2 reloads the form, they will see 'abc' in the testSNC field.
Unexpected behavior:
- Step 16
Expected behavior:
- Step 16 should be "ITIL user 2 sees 'abc' in the testSNC field."



As a workaround, turning off live form will prevent this issue from happening.


To recover the already corrupted data:

1- Go to System Definition -> Scripts - Background

2- Run the script below:

var recordA = new GlideRecord('<tableName>');
recordA.get('<SysId of a corrupted record>');
// Decrypt the double-encrypted value; the result is still encrypted once
var encryptedValue = recordA.getDisplayValue('encrypted_data');
var recordB = new GlideRecord('<tableName>');
// At this point, recordB holds the one-time encrypted version
recordB.getElement('encrypted_data').setValue(encryptedValue);
recordB.insert();
gs.print("This value should not be decrypted: " + recordB.getDisplayValue('encrypted_data'));
* A new record will be created as a result of this script. The newly created record can be deleted after recovering the data.
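
To decide which records need the recovery above, one option is to test each decrypted display value for the wrapper shape seen in step 16. This is an added example in plain JavaScript, not ServiceNow code: the pattern is a heuristic inferred from that single sample, and the marker code points and every incident number except INC0010005 are constructed for illustration.

```javascript
// Assumed shape, inferred from the one sample in step 16:
// <non-ASCII markers><32 hex chars><non-ASCII markers><base64><non-ASCII markers>
var WRAPPED = /^[^\x00-\x7F]+([0-9a-f]{32})[^\x00-\x7F]+([A-Za-z0-9+\/]+={0,2})[^\x00-\x7F]+$/;

// Returns null for ordinary plaintext, or the parsed parts when a value that
// should already be decrypted is itself still a wrapped ciphertext.
function parseWrappedValue(displayValue) {
  if (typeof displayValue !== 'string') return null;
  var m = WRAPPED.exec(displayValue.trim());
  // Reject payloads that are not padded to a multiple of 4 (not valid base64).
  if (!m || m[2].length % 4 !== 0) return null;
  return { contextId: m[1], cipherText: m[2] };
}

// rows: [{ number, value }], where value is the decrypted display value
// (what getDisplayValue() returns for the encrypted field).
function findCorrupted(rows) {
  var hits = [];
  for (var i = 0; i < rows.length; i++) {
    var parsed = parseWrappedValue(rows[i].value);
    if (parsed) {
      hits.push({ number: rows[i].number, contextId: parsed.contextId });
    }
  }
  return hits;
}

// Constructed sample data. The marker code points are an assumption; the hex
// and base64 parts are copied from the value shown in step 16.
var MARK_A = '\uFDE0\uFDE1\uFDE2', MARK_B = '\uFDCC\uFDCD', MARK_C = '\uFDCE\uFDCF';
var CONTEXT = 'd8c862b7db525300c5a2f23aaf961941';
var sampleRows = [
  { number: 'INC0010005', value: MARK_A + CONTEXT + MARK_B + '5K0bwpF3j/+FenYoTlY3uA==' + MARK_C },
  { number: 'INC0010006', value: 'abc' },      // healthy record
  { number: 'INC0010007', value: CONTEXT },    // bare hex text, no markers
  { number: 'INC0010008', value: '' }          // empty field
];

console.log(findCorrupted(sampleRows));
```

Only the first row is reported; the bare 32-character hex string and the empty value are not, because the check requires the full marker, context, payload, marker structure.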

Related Problem: PRB1286217

Article Information

Last Updated: 2019-03-02 11:59:21