phpgroupware-tracker

[Phpgroupware-tracker] [Bug #3013] Security issue: Fatal Error provides


From: nobody
Subject: [Phpgroupware-tracker] [Bug #3013] Security issue: Fatal Error provides link to setup without password.
Date: Mon, 31 Mar 2003 03:54:16 -0500

=================== BUG #3013: FULL BUG SNAPSHOT ===================
http://savannah.gnu.org/bugs/?func=detailbug&bug_id=3013&group_id=509

Submitted by: izzyb                   Project: phpGroupWare                 
Submitted on: Mon 03/31/2003 at 08:54
Category:  API - Setup                Bug Group:  0.9.14.002 release        
Severity:  5 - Major                  Priority:  High                       
Resolution:  None                     Assigned to:  None                    
Status:  Open                         Component Version:  None              
Platform Version:  None               Reproducibility:  Intermittent        

Summary:  Security issue: Fatal Error provides link to setup without password.

Original Submission:  I'm getting the following error intermittently, sometimes 
with a broken link:

Fatal Error: It appears that you have not created the database tables for 
phpGroupWare. Click here to run setup.

At this point, I'm not sure of the cause, but I'm more concerned with the security 
issue it creates.  The provided link, when it works, links directly to the 
setup III page without prompting for a password.  This could leave a site open 
to attack or stupid user syndrome.  I noticed it when the error came up when I 
was logged in as a non-admin user.  After hitting re-check my database a few 
times, the normal setup screen came up complete with the "uninstall all 
applications" button.




No Followups Have Been Posted


CC list is empty


No files currently attached


For detailed info, follow this link:
http://savannah.gnu.org/bugs/?func=detailbug&bug_id=3013&group_id=509



