[Phpgroupware-tracker] [Bug #1171] admin authentication broken
From: nobody
Subject: [Phpgroupware-tracker] [Bug #1171] admin authentication broken
Date: Tue, 10 Sep 2002 08:33:02 -0400
=================== BUG #1171: FULL BUG SNAPSHOT ===================
http://savannah.gnu.org/bugs/?func=detailbug&bug_id=1171&group_id=509
Submitted by: None
Project: phpGroupWare
Submitted on: 2002-Sep-10 08:33
Category: API - Admin
Bug Group: 0.9.14 release
Severity: 5 - Major
Priority: Immediate
Resolution: None
Assigned to: None
Status: Open
Platform Version: Other
Reproducibility: Every Time
Summary: admin authentication broken
Original Submission: RE: Authentication for config/setup and header admin broken
"logout" of either admin screen allows you to hit the back button on the browser, then
refresh the admin screen, and it logs you back in, giving full privs without
prompting for a password.
Also, it doesn't matter that you have two different passwords for the admin
screens. Once logged into either one, you can go to the other without
authenticating by entering the URL.
This is a major security hole.
No Followups Have Been Posted
No files currently attached
For detailed info, follow this link:
http://savannah.gnu.org/bugs/?func=detailbug&bug_id=1171&group_id=509