View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0000217 | Main CAcert Website | source code | public | 2006-04-25 20:53 | 2013-11-20 22:23 |
| Reporter | aanriot | Assigned To | |||
| Priority | normal | Severity | minor | Reproducibility | always |
| Status | closed | Resolution | fixed | ||
| Fixed in Version | 2006 | ||||
| Summary | 0000217: remove old functionality for CSR | ||||
| Description | account.php?id=45 and id=46 implement the same functionality as id=10 and id=11. As they are using the same session variables but different verification methods and a different implementation this may lead to unforseen behaviour of the site. Currently I see no possible exploit but it should be possible to use id=45 to initialise $_SESSION['_config']['0.CN'] and then use id=11 to process a not existing the CSR file, circumventing if($_SESSION['_config']['0.CN'] == "" [...] { [...] exit; } Recommendation: id=45 and id=46 should be removed as they are not used anyway. At least block access for normal users. | ||||
| Tags | No tags attached. | ||||
| Reviewed by | |||||
| Test Instructions | |||||
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2006-04-25 20:53 |
|
New Issue | |
| 2006-08-14 16:10 | duane | Status | new => needs work |
| 2006-08-14 16:10 | duane | Assigned To | => bluec |
| 2006-08-14 16:11 | duane | Status | needs work => solved? |
| 2006-08-14 16:11 | duane | Fixed in Version | => production |
| 2006-08-14 16:11 | duane | Resolution | open => fixed |
| 2006-08-14 16:11 | duane | Note Added: 0000454 | |
| 2007-10-24 06:17 | evaldo | Reporter | bluec => aanriot |
| 2007-10-24 06:17 | evaldo | Assigned To | bluec => |
| 2007-10-24 06:17 | evaldo | Status | solved? => closed |
| 2013-01-14 08:12 | Werner Dworak | Fixed in Version | => 2006 |
| 2013-11-20 22:23 | NEOatNHNG | View Status | private => public |
