When logging on to SuccessFactors HCM solution with an invalid username/password you noticed that the username/password is present in the URL address bar. The same effect happened also when clicking the ‘Forgot Password’ link when having the username/password fields populated.
The timeframe when this issue appeared was from September 16, 2016, 20:00 UTC to September 25, 2016, 12:00 UTC.
- BizX Platform
The fix for this issue has been deployed to all affected systems in the time range between September 23 and September 25, 2016, depending on the Data Center the system is located in. Therefore this issue is resolved.
As the part of the URL containing the username and password is always encrypted by the TLS protocol during transmission, this data have not been accessible to any third party. You may wish to clear your browser history/cache in order to prevent this information from being stored.
KBA , LOD-SF-PLT , Platform Foundational Capabilities , Problem