[Phpgroupware-tracker] [Bug #3013] Security issue: Fatal Error provides
From: nobody
Subject: [Phpgroupware-tracker] [Bug #3013] Security issue: Fatal Error provides link to setup without password.
Date: Mon, 31 Mar 2003 03:54:16 -0500
=================== BUG #3013: FULL BUG SNAPSHOT ===================
http://savannah.gnu.org/bugs/?func=detailbug&bug_id=3013&group_id=509
Submitted by: izzyb
Project: phpGroupWare
Submitted on: Mon 03/31/2003 at 08:54
Category: API - Setup
Bug Group: 0.9.14.002 release
Severity: 5 - Major
Priority: High
Resolution: None
Assigned to: None
Status: Open
Component Version: None
Platform Version: None
Reproducibility: Intermittent
Summary: Security issue: Fatal Error provides link to setup without password.
Original Submission: I'm getting the following error intermittently, sometimes
with a broken link:
Fatal Error: It appears that you have not created the database tables for
phpGroupWare. Click here to run setup.
At this point, I'm not sure of the cause, but I'm more concerned with the security
issue it creates. The provided link, when it works, links directly to the
setup III page without prompting for a password. This could leave a site open
to attack or stupid user syndrome. I noticed it when the error came up when I
was logged in as a non-admin user. After hitting re-check my database a few
times, the normal setup screen came up complete with the "uninstall all
applications" button.
No Followups Have Been Posted
CC list is empty
No files currently attached
For detailed info, follow this link:
http://savannah.gnu.org/bugs/?func=detailbug&bug_id=3013&group_id=509