View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update | 
|---|---|---|---|---|---|
| 0000209 | Main CAcert Website | source code | public | 2006-04-16 11:07 | 2013-01-14 08:06 | 
| Reporter | blshkv | Assigned To | duane | | |
| Priority | normal | Severity | major | Reproducibility | always |
| Status | closed | Resolution | fixed | | |
| Fixed in Version | 2006 | | | | |
| Summary | 0000209: unauthenticated access on the test1 website | | | | |
| Description | It's possible to manipulate (view/change/delete) any user data without being logged in by anyone. https://www.test1.cacert.at/account/43.php https://www.test1.cacert.at/account/43.php?userid=176 (add "assurance" parameter to delete) https://www.test1.cacert.at/account/53.php?ccid=1 and more. Don't rely on .htaccess and don't keep such files in the webroot. | | | | |
| Tags | No tags attached. | | | | |
| Reviewed by | | | | | |
| Test Instructions | | | | | |
| duplicate of | 0000152 | closed | I spy with my little eye something beginning with U ... | 
| | This bug has been fixed for the main website and the test1 site hasn't been updated yet. |
| | files moved from webroot |
| | Change not yet visible in tarball. |
| | The updated tarball doesn't show the files in the right place! Please reassign this report to me when updated. |
| | This was already fixed in another bug when we shifted all display code from out of the webroot... |

| Date Modified | Username | Field | Change | 
|---|---|---|---|
| 2006-04-16 11:07 | blshkv | New Issue | |
| 2006-04-20 18:37 | | Relationship added | duplicate of 0000152 |
| 2006-04-20 18:43 | | Note Added: 0000157 | |
| 2006-04-21 06:31 | duane | Status | new => closed | 
| 2006-04-21 06:31 | duane | Note Added: 0000164 | |
| 2006-04-21 06:31 | duane | Resolution | open => fixed | 
| 2006-04-21 06:31 | duane | Fixed in Version | => production | 
| 2006-04-24 05:42 | | Note Added: 0000197 | |
| 2006-04-24 05:42 | | Assigned To | => bluec |
| 2006-04-24 05:42 | | Status | closed => needs work |
| 2006-05-07 21:11 | | Note Added: 0000218 | |
| 2006-05-07 21:11 | | Assigned To | bluec => duane |
| 2006-08-14 03:36 | duane | Status | needs work => closed | 
| 2006-08-14 03:36 | duane | Note Added: 0000411 | |
| 2006-08-14 03:37 | duane | Fixed in Version | production => | 
| 2010-07-27 15:59 | Sourcerer | View Status | private => public | 
| 2013-01-14 08:06 | Werner Dworak | Fixed in Version | => 2006 |