[Phpgroupware-tracker] [Bug #1171] admin authentication broken


From: nobody
Subject: [Phpgroupware-tracker] [Bug #1171] admin authentication broken
Date: Tue, 10 Sep 2002 19:57:14 -0400

=================== BUG #1171: LATEST MODIFICATIONS ==================
http://savannah.gnu.org/bugs/?func=detailbug&bug_id=1171&group_id=509

Changes by: Dave Hall <address@hidden>
Date: 2002-Sep-11 09:57 (Australia/Melbourne)

            What     | Removed                   | Added
---------------------------------------------------------------------------
            Category | API - Admin               | API - Setup
         Assigned to | None                      | seek3r




=================== BUG #1171: FULL BUG SNAPSHOT ===================


Submitted by: None                      Project: phpGroupWare                   
Submitted on: 2002-Sep-10 22:33
Category:  API - Setup                  Bug Group:  0.9.14 release              
Severity:  5 - Major                    Priority:  Immediate                    
Resolution:  None                       Assigned to:  seek3r                    
Status:  Open                           Platform Version:  Other                
Reproducibility:  Every Time            

Summary:  admin authentication broken

Original Submission:  RE: Authentication for config/setup and header admin 
broken

"logout" of either admin screen allows you to hit back button on browser, then 
refresh the admin screen and it logs you back in giving full privs without 
prompting for password.

Also it doesn't matter that you have two different passwords for the admin 
screens.  Once logged into either one, you can go to the other without 
authenticating by entering the URL.

This is a major security hole.  



No Followups Have Been Posted




No files currently attached


For detailed info, follow this link:
http://savannah.gnu.org/bugs/?func=detailbug&bug_id=1171&group_id=509



