Hi all.
I'm a bit puzzled.
I've been using masked type variable in my catalog item for capturing SSN value.
Per ServiceNow documentation "Since a masked variable uses platform encryption using TripleDES, the values for this variable are also encrypted"
However, my experience is different. When I impersonate an ITIL user and when I go to "sc_item_option_mtom" table list view I am able to see un-encrypted variable values.
Am I missing something?
1 ACCEPTED SOLUTION
I have upgraded my instance to London and this issue seems to be ongoing.
I am able to see un-encrypted masked variable value in "value" field of "sc_item_option" table.
I hope this vulnerability will be addressed soon.
