There is a problem with Encrypted Text fields when two users have the same record page open and live form is on.
If user A updates record XYZ, user B, who is also looking at record XYZ, will see the update from user A. However, the value user B sees contains encryption characters.
If user B saves the form, the encrypted characters will be saved in the database. At this point, the value won't make sense anymore because of the encryption characters.
Steps to Reproduce
1- As maint, navigate to System Security > Field Encryption > Encryption Contexts
2- Click the button New.
- Name = TestSNC
3.a- Save the record
PART 2: Create an Encrypted Text field on Incident table
4- Navigate to an incident form
5- Right click on the header and select Configure > Form Layout
6- Under the section "Create new field" enter:
- Name = EncryptTest
- Database column name = encrypttest
- Type = Encrypted Text
7- Click Add, then click Save
PART 3: Allow ITIL users to see the Encrypted field
8- Navigate to System Security > Users and Groups > Roles
9- Find the ITIL role and open it.
10- Right click on the header, select Configure > Form Layout, then add the field "Encryption context [+]" to the form.
11- On the field 'Encryption context' add testSNC (from step 3)
12- Save the record.
PART 4: Reproducing the issue. (You need to log in; impersonating won't work)
13- Log in with ITIL user 1 in Browser 1 and go to Incident INC0010005
14- Log in with ITIL user 2 in Browser 2 and go to Incident INC0010005
15- ITIL user 1 enters 'abc' in the testSNC field and saves the record.
16- ITIL user 2 sees a value that looks something like this: "d8c862b7db525300c5a2f23aaf9619415K0bwpF3j/+FenYoTlY3uA=="
17- If user 2 saves the form, this value will be saved permanently as the testSNC value: "d8c862b7db525300c5a2f23aaf9619415K0bwpF3j/+FenYoTlY3uA=="
17- If user 2 reloads the form, he will see 'abc' in the testSNC field.
- Step 16
- Step 16 should be "ITIL user 2 sees 'abc' in the testSNC field."
As a workaround, turning off live form will prevent this issue from happening: https://docs.servicenow.com/bundle/kingston-platform-user-interface/page/use/navigation/task/configure-live-form-feat.html
To recover the already corrupted data:
1- Go to System Definition -> Scripts - Background
2- Run the script below:
// Replace the <...> placeholders with your own table name and sys_id.
var recordA = new GlideRecord('<tableName>');
recordA.get('<SysId of a corrupted record>');
// Decrypt the double-encrypted value once; the result is still encrypted.
var encryptedValue = recordA.getDisplayValue('encrypted_data');
var recordB = new GlideRecord('<tableName>');
// At this point, recordB holds the one-time encrypted version.
recordB.getElement('encrypted_data').setValue(encryptedValue);
gs.info("This value should not be decrypted: " + recordB.getDisplayValue('encrypted_data'));
* A new record will be created as a result of this script. The newly-created record can be deleted after recovering the data.
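The recovery script needs the sys_id of each corrupted record. As an added example (not part of the original article and not ServiceNow's own code), the JavaScript below flags display values that have the shape of the sample in step 16. It assumes leaked values are 32 hex characters followed by padded Base64 that decodes to whole 16-byte blocks; the function names and sample rows are constructed for illustration.

```javascript
// Added example: heuristic for display values that are still ciphertext.
// Assumption: leaked values look like the sample in step 16, i.e.
// 32 lowercase hex characters + padded Base64 decoding to N * 16 bytes.
// A plaintext that happens to match this shape would be a false positive,
// so review flagged records before running the recovery script on them.
var HEX_PREFIX_LEN = 32;
var BLOCK_BYTES = 16; // assumed cipher block size

// Returns the decoded byte count, or -1 if s is not canonical padded Base64.
function base64DecodedLength(s) {
    if (s.length === 0 || s.length % 4 !== 0) return -1;
    if (!/^[A-Za-z0-9+\/]+={0,2}$/.test(s)) return -1;
    var padding = s.length - s.replace(/=+$/, '').length;
    return (s.length / 4) * 3 - padding;
}

function looksLikeLeakedCiphertext(displayValue) {
    if (typeof displayValue !== 'string') return false;
    var v = displayValue.trim();
    if (v.length <= HEX_PREFIX_LEN) return false; // a bare 32-hex id is not enough
    if (!/^[0-9a-f]{32}$/.test(v.slice(0, HEX_PREFIX_LEN))) return false;
    var bytes = base64DecodedLength(v.slice(HEX_PREFIX_LEN));
    return bytes > 0 && bytes % BLOCK_BYTES === 0;
}

// rows: [{ sysId, value }] where value is the field's display value.
function findSuspectRecords(rows) {
    return rows
        .filter(function (r) { return looksLikeLeakedCiphertext(r.value); })
        .map(function (r) { return r.sysId; });
}

// Constructed sample rows; only the second value comes from the article (step 16).
var SAMPLE_ROWS = [
    { sysId: 'constructed-row-1', value: 'abc' },
    { sysId: 'constructed-row-2',
      value: 'd8c862b7db525300c5a2f23aaf9619415K0bwpF3j/+FenYoTlY3uA==' },
    { sysId: 'constructed-row-3', value: 'd8c862b7db525300c5a2f23aaf961941' },
    { sysId: 'constructed-row-4', value: 'deadbeefdeadbeefdeadbeefdeadbeef notes' }
];

console.log(findSuspectRecords(SAMPLE_ROWS));
```

On an instance, the rows would come from reading the encrypted field's display value for each record as a user who has the encryption context.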
Related Problem: PRB1286217