[Phpgroupware-tracker] [Bug #1171] admin authentication broken
From: nobody
Subject: [Phpgroupware-tracker] [Bug #1171] admin authentication broken
Date: Tue, 26 Nov 2002 04:14:05 -0500

=================== BUG #1171: LATEST MODIFICATIONS ==================
http://savannah.gnu.org/bugs/?func=detailbug&bug_id=1171&group_id=509
Changes by: Dave Hall <address@hidden>
Date: 2002-Nov-26 20:14 (Australia/Melbourne)
What | Removed | Added
---------------------------------------------------------------------------
Severity | 5 - Major | 7
=================== BUG #1171: FULL BUG SNAPSHOT ===================
Submitted by: None                      Project: phpGroupWare
Submitted on: 2002-Sep-10 22:33
Category: API - Setup                   Bug Group: 0.9.14 release
Severity: 7                             Priority: Immediate
Resolution: None                        Assigned to: seek3r
Status: Open                            Component Version: None
Platform Version: Other                 Reproducibility: Every Time
Summary: admin authentication broken
Original Submission: RE: Authentication for config/setup and header admin
broken
"logout" of either admin screen allows you to hit back button on browser, then
refresh the admin screen and it logs you back in giving full privs without
prompting for password.
Also it doesn't matter that you have two different passwords for the admin
screens. Once logged into either one, you can go to the other without
authenticating by entering the URL.
This is a major security hole.
No Followups Have Been Posted
CC list is empty
No files currently attached
For detailed info, follow this link:
http://savannah.gnu.org/bugs/?func=detailbug&bug_id=1171&group_id=509