[Phpgroupware-tracker] [Bug #3013] Security issue: Fatal Error provides

phpgroupware-tracker

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Phpgroupware-tracker] [Bug #3013] Security issue: Fatal Error provides

From:	nobody
Subject:	[Phpgroupware-tracker] [Bug #3013] Security issue: Fatal Error provides link to setup without password.
Date:	Mon, 31 Mar 2003 06:37:01 -0500

=================== BUG #3013: LATEST MODIFICATIONS ==================
http://savannah.gnu.org/bugs/?func=detailbug&bug_id=3013&group_id=509

Changes by: Ralf Becker <address@hidden>
Date: Mon 03/31/2003 at 13:37 (Europe/Berlin)

            What     | Removed                   | Added
---------------------------------------------------------------------------
              Status | Open                      | Closed




=================== BUG #3013: FULL BUG SNAPSHOT ===================


Submitted by: izzyb                   Project: phpGroupWare                 
Submitted on: Mon 03/31/2003 at 10:54
Category:  API - Setup                Bug Group:  0.9.14.002 release        
Severity:  5 - Major                  Priority:  High                       
Resolution:  None                     Assigned to:  None                    
Status:  Closed                       Component Version:  None              
Platform Version:  None               Reproducibility:  Intermittent        

Summary:  Security issue: Fatal Error provides link to setup without password.

Original Submission:  I'm getting the following error intermittently, sometimes 
with a broken link:

Fatal Error: It appears that you have not created the database tables for 
phpGroupWare. Click here to run setup.

At this point, I'm not sure the cause, but I'm more concerned with the security 
issue it creates.  The provided link, when it works, links directly to the 
setup III page without prompting for a password.  This could leave a site open 
to attach or stupid user syndrome.  I noticed it when the error came up when I 
was logged in as a non-admin user.  After hitting re-check my database a few 
times, the normal setup screen came up complete with the "uninstall all 
applications" button.


Follow-up Comments
*******************

-------------------------------------------------------
Date: Mon 03/31/2003 at 11:00       By: izzyb
Oops, false alarm.  I had another browser window open and logged into the setup 
III screen.  I just reproduced the problem after logging out and it does come 
to a password prompt.

It's safe to close this bug report.


CC list is empty


No files currently attached


For detailed info, follow this link:
http://savannah.gnu.org/bugs/?func=detailbug&bug_id=3013&group_id=509

[Prev in Thread]

Current Thread

[Next in Thread]

[Phpgroupware-tracker] [Bug #3013] Security issue: Fatal Error provides link to setup without password., nobody, 2003/03/31
- [Phpgroupware-tracker] [Bug #3013] Security issue: Fatal Error provides link to setup without password., nobody, 2003/03/31
- [Phpgroupware-tracker] [Bug #3013] Security issue: Fatal Error provides link to setup without password., nobody <=

Prev by Date: [Phpgroupware-tracker] [Bug #3013] Security issue: Fatal Error provides link to setup without password.
Next by Date: [Phpgroupware-tracker] [Bug #2740] Errors when uploading files
Previous by thread: [Phpgroupware-tracker] [Bug #3013] Security issue: Fatal Error provides link to setup without password.
Index(es):
- Date
- Thread