A security bug?

Pasi Savilaakso larskis@nietos.tokem.fi
Fri, 11 Jan 2002 08:03:35 +0200

Previous message: [kronolith] Export does not work with pgsql
Next message: [kronolith] A security bug?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

---------------------- multipart/alternative attachment
I tested an admin array on Horde 2 and found out the following "security =
hole". if i am logged on as one of the admins and refresh the screen =
admin "button appears at the bottom of the screen. After pressing the =
logout button in th right upper corner admin button remains at the =
program bar at the bottom. Now i can login with another user (who is not =
an admin) and still enter the admin part of the horde and change the =
values. I have not made any special changes to the  files.

I found out this problem using IE6.

Lars


---------------------- multipart/alternative attachment--

Previous message: [kronolith] Export does not work with pgsql
Next message: [kronolith] A security bug?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]