[Phpgroupware-tracker] [Bug #1171] admin authentication security hole
From: nobody
Subject: [Phpgroupware-tracker] [Bug #1171] admin authentication security hole
Date: Wed, 19 Mar 2003 23:03:14 -0500
=================== BUG #1171: LATEST MODIFICATIONS ==================
http://savannah.gnu.org/bugs/?func=detailbug&bug_id=1171&group_id=509
Changes by: Dave Hall <address@hidden>
Date: Thu 03/20/03 at 15:03 (Australia/Melbourne)
What        | Removed                     | Added
---------------------------------------------------------------------------
Assigned to | seek3r                      | skwashd
Summary     | admin authentication broken | admin authentication security hole
------------------ Additional Follow-up Comments ----------------------------
I have fixed this ... just awaiting test results
=================== BUG #1171: FULL BUG SNAPSHOT ===================
Submitted by: None                      Project: phpGroupWare
Submitted on: Tue 09/10/02 at 22:33
Category: API - Setup                   Bug Group: 0.9.14 release
Severity: 7                             Priority: Immediate
Resolution: None                        Assigned to: skwashd
Status: Open                            Component Version: None
Platform Version: Other                 Reproducibility: Every Time
Summary: admin authentication security hole
Original Submission: RE: Authentication for config/setup and header admin broken

"logout" of either admin screen allows you to hit back button on browser, then
refresh the admin screen and it logs you back in giving full privs without
prompting for password.

Also it doesn't matter that you have two different passwords for the admin
screens. Once logged into either one, you can go to the other without
authenticating by entering the URL.

This is a major security hole.
Follow-up Comments
*******************
-------------------------------------------------------
Date: Thu 03/20/03 at 15:03 By: skwashd
I have fixed this ... just awaiting test results
CC list is empty
No files currently attached
For detailed info, follow this link:
http://savannah.gnu.org/bugs/?func=detailbug&bug_id=1171&group_id=509
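
The two failures reported above (a logged-out admin session that works again when the old page is refreshed, and one admin login opening the other admin screen), modeled as an added PHP example. This is not phpGroupWare code or the fix mentioned in the follow-up; the class, area names and passwords are constructed, and it assumes the cause was missing server-side session invalidation and an authentication state shared by both screens, which the report does not state.

```php
<?php
// Added illustration, not phpGroupWare code. Area names and passwords are constructed.
final class AdminSessions
{
    private array $hashes = [];   // area => password hash (one password per admin area)
    private array $sessions = []; // token => area (server-side session state)

    public function __construct(array $passwords)
    {
        foreach ($passwords as $area => $pw) {
            $this->hashes[$area] = password_hash($pw, PASSWORD_DEFAULT);
        }
    }

    // Returns a fresh random session token on success, null on a bad area or password.
    public function login(string $area, string $password): ?string
    {
        if (!isset($this->hashes[$area]) || !password_verify($password, $this->hashes[$area])) {
            return null;
        }
        $token = bin2hex(random_bytes(32));
        $this->sessions[$token] = $area; // bind the session to ONE admin area
        return $token;
    }

    // A token authorizes only the area it was issued for, and only while it exists server-side.
    public function authorize(?string $token, string $area): bool
    {
        return $token !== null
            && isset($this->sessions[$token])
            && $this->sessions[$token] === $area;
    }

    // Logout deletes the server-side record, so a cookie replayed by the browser is dead.
    public function logout(string $token): void
    {
        unset($this->sessions[$token]);
    }
}

$auth  = new AdminSessions(['config' => 'constructed-pw-1', 'header' => 'constructed-pw-2']);
$token = $auth->login('config', 'constructed-pw-1');

var_dump($auth->authorize($token, 'config')); // the area the admin logged in to
var_dump($auth->authorize($token, 'header')); // the other admin area, reached by URL
$auth->logout($token);
var_dump($auth->authorize($token, 'config')); // back button + refresh replays the old token
```

Only the first check should succeed. If the refresh instead re-submits the original login form, invalidating the session is not enough and the login POST also needs a redirect after success or a one-time form token.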