From: nobody
Subject: [Phpgroupware-tracker] [Bug #1169] admin authentication and caching problems
Date: Tue, 26 Nov 2002 04:16:22 -0500

=================== BUG #1169: LATEST MODIFICATIONS ==================
http://savannah.gnu.org/bugs/?func=detailbug&bug_id=1169&group_id=509

Changes by: Dave Hall <address@hidden>
Date: 2002-Nov-26 20:16 (Australia/Melbourne)

            What     | Removed                   | Added
---------------------------------------------------------------------------
            Severity | 5 - Major                 | 7
            Priority | High                      | Immediate




=================== BUG #1169: FULL BUG SNAPSHOT ===================


Submitted by: None                      Project: phpGroupWare                   
Submitted on: 2002-Sep-10 14:03
Category:  API - Setup                  Bug Group:  0.9.14 release              
Severity:  7                            Priority:  Immediate                    
Resolution:  None                       Assigned to:  seek3r                    
Status:  Open                           Component Version:  None                
Platform Version:  Other                Reproducibility:  Every Time            

Summary:  admin authentication and caching problems

Original Submission:  Logging into either admin/config  page or header admin 
page allows you to authenticate for the other by entering URL directly, without 
authenticating with the other admin password.

For instance, login to config/setup admin.  Then enter the 
/setup/manageheader.php URL.  You're in header admin now without a password.

The opposite is also true.  Login to header admin, then enter the URL for 
config/setup.  You are now in the config/setup area with full privs *without* 
having entered the config/setup password.

Also, pages are cached.  Admin Logout does not really work.  You can click 
Logout in either admin screen, use back button to go to working admin screen, 
REFRESH, and you are reauthenticated for both admin areas (config/setup and 
header admin).  Once reauthenticated you can enter the URL directly for either 
admin screen with full capabilities in each.

Follow-up Comments
*******************

-------------------------------------------------------
Date: 2002-Sep-11 10:00             By: skwashd
It appears to me that some of these issues are duplicated in bug 1171, see: 
https://savannah.gnu.org/bugs/?func=detailbug&bug_id=1171&group_id=509


CC list is empty


No files currently attached


For detailed info, follow this link:
http://savannah.gnu.org/bugs/?func=detailbug&bug_id=1169&group_id=509
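
Added example, not phpGroupWare code and not part of the report: one way to keep the two admin areas described above separately authorized inside a shared PHP session, mark admin pages as non-cacheable, and make Logout drop every grant server-side. The area names, sample passwords and function names are assumptions made for illustration.

```php
<?php
// Added illustration; not phpGroupWare code. Area names, passwords and
// function names are hypothetical.

// One credential per admin area (constructed sample values).
$AREA_HASHES = [
    'config' => password_hash('config-secret', PASSWORD_DEFAULT),
    'header' => password_hash('header-secret', PASSWORD_DEFAULT),
];

function send_no_store_headers(): void {
    // Keep admin pages out of browser and proxy caches so Back cannot redisplay them.
    if (PHP_SAPI !== 'cli' && !headers_sent()) {
        header('Cache-Control: no-store, no-cache, must-revalidate');
        header('Pragma: no-cache');
        header('Expires: 0');
    }
}

function admin_login(array $hashes, string $area, string $password): bool {
    if (!isset($hashes[$area]) || !password_verify($password, $hashes[$area])) {
        return false;
    }
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);        // fresh session id on privilege change
    }
    $_SESSION['admin_areas'][$area] = true; // grant only the area that was proven
    return true;
}

function area_allowed(string $area): bool {
    send_no_store_headers();
    // Checked on every admin page; a login to one area says nothing about the other.
    return ($_SESSION['admin_areas'][$area] ?? false) === true;
}

function admin_logout(): void {
    $_SESSION = [];                         // drop every area grant server-side
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_destroy();
    }
}

// Constructed walk-through of the reported sequence (runs under the PHP CLI).
$_SESSION = [];
admin_login($AREA_HASHES, 'config', 'config-secret');
var_dump(area_allowed('config'));  // request for a config/setup page
var_dump(area_allowed('header'));  // direct request for /setup/manageheader.php
admin_logout();
var_dump(area_allowed('config'));  // request made after Logout
```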



