Description

Encrypted Text fields display incorrectly when two users have the same record page open and live form is on.
For example:
If user A updates record XYZ, user B, who is also looking at record XYZ, will see the update from user A. However, the value user B sees contains encryption characters.
If user B saves the form, the encryption characters are saved to the database. At that point the value no longer makes sense because of the encryption characters.

Steps to Reproduce

 
 
PART 1
1- As maint, navigate to System Security > Field Encryption > Encryption Contexts
2- Click the button New.
3- Enter
- Name = TestSNC
3.a- Save the record
 
PART 2: Create an Encrypted Text field on the Incident table
4- Navigate to an incident form
5- Right click on the header and select Configure > Form Layout
6- Under the section "Create new field" enter:
- Name = EncryptTest
- Database column name = encrypttest
- Type = Encrypted Text
7- Click Add, then click Save
 
PART 3: Allow ITIL users to see the Encrypted field
8- Navigate to System Security > Users and Groups > Roles
9- Find the ITIL role and open it.
10- Right click on the header, select Configure > Form Layout, then add the field "Encryption context [+]" to the form.
11- On the field 'Encryption context' add testSNC (from step 3)
12- Save the record.
 
PART 4: Reproducing the issue. (Requires an actual login; impersonation won't work)
13- Log in as ITIL user 1 in Browser 1 and go to Incident INC0010005
14- Log in as ITIL user 2 in Browser 2 and go to Incident INC0010005
15- ITIL user 1 enters 'abc' in the testSNC field and saves the record.
16- ITIL user 2 sees a value that looks something like this: "﷠﷡﷢d8c862b7db525300c5a2f23aaf961941﷌﷍5K0bwpF3j/+FenYoTlY3uA==﷎﷏"
 
17- If user 2 saves the form, this value is saved permanently as the testSNC value: "﷠﷡﷢d8c862b7db525300c5a2f23aaf961941﷌﷍5K0bwpF3j/+FenYoTlY3uA==﷎﷏"
OR
17- If user 2 reloads the form, they will see 'abc' in the testSNC field.
 
Unexpected behavior:
- Step 16
 
Expected behavior:
- Step 16 should be "ITIL user 2 sees 'abc' in the testSNC field."
 

Workaround

 

As a workaround, turning off live form prevents this issue from happening: https://docs.servicenow.com/bundle/kingston-platform-user-interface/page/use/navigation/task/configure-live-form-feat.html

 

To recover data that is already corrupted:

1- Go to System Definition -> Scripts - Background

2- Run the script below:

var recordA = new GlideRecord('<tableName>'); // replace with the table name
recordA.get('<SysId of a corrupted record>'); // replace with the sys_id of a corrupted record
// Decrypt the double-encrypted value; the result is still encrypted once
var encryptedValue = recordA.getDisplayValue('encrypted_data');
var recordB = new GlideRecord('<tableName>');
// Setting this value makes recordB hold the one-time encrypted version
recordB.getElement('encrypted_data').setValue(encryptedValue);
recordB.insert();
gs.info("This value should not be decrypted: " + recordB.getDisplayValue('encrypted_data'));
 
* A new record will be created as a result of this script. The newly-created record can be deleted after recovering the data
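
To find which records need the recovery script, each field's display value can be tested for the shape of the value shown in step 16. This is an added example, not ServiceNow's code: the pattern is inferred from that single sample (an assumption), the marker characters are matched only as non-ASCII runs, and the names `parseLeakedEnvelope`, `findCorrupted`, `hexId` and the sample rows are constructed for illustration.

```javascript
// Assumed shape, inferred from the step 16 sample only:
//   <non-ASCII markers><32 hex chars><markers><Base64 text><markers>
var ENVELOPE =
  /^[^\x00-\x7F]+([0-9a-f]{32})[^\x00-\x7F]+([A-Za-z0-9+\/]+={0,2})[^\x00-\x7F]+$/;

// Returns null for ordinary text, or the parsed parts when the value
// looks like ciphertext that leaked into the field and was saved.
function parseLeakedEnvelope(value) {
  var m = ENVELOPE.exec(String(value).trim());
  if (!m) return null;
  var payload = m[2];
  // Padded Base64 is always a multiple of 4 characters long
  if (payload.length % 4 !== 0) return null;
  var padding = (payload.match(/=/g) || []).length;
  return {
    hexId: m[1], // hypothetical name: the 32-character hex part
    payload: payload,
    payloadBytes: (payload.length / 4) * 3 - padding
  };
}

// rows: [{ sys_id: ..., value: ... }], where value is the display value
// of the encrypted field as a user with the encryption context sees it.
function findCorrupted(rows) {
  var hits = [];
  for (var i = 0; i < rows.length; i++) {
    if (parseLeakedEnvelope(rows[i].value) !== null) hits.push(rows[i].sys_id);
  }
  return hits;
}

// Constructed sample: hex and Base64 parts copied from step 16, with
// \uFDE0-style escapes as stand-ins for the marker characters.
var SAMPLE = '\uFDE0\uFDE1\uFDE2d8c862b7db525300c5a2f23aaf961941' +
  '\uFDCC\uFDCD5K0bwpF3j/+FenYoTlY3uA==\uFDCE\uFDCF';

// Constructed rows; the sys_id values are placeholders.
var SAMPLE_ROWS = [
  { sys_id: 'row-1', value: 'abc' },
  { sys_id: 'row-2', value: SAMPLE },
  { sys_id: 'row-3', value: 'Zo\u00EB called about d8c862b7' },
  { sys_id: 'row-4', value: '' }
];
```

In a background script, the rows would come from `getDisplayValue()` on the encrypted field, and each returned sys_id is a candidate for the recovery script above.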

Related Problem: PRB1286217

Fixed In

Madrid

Article Information

Last Updated: 2019-05-21 11:43:02
Published: 2018-11-01