View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0000217 | Main CAcert Website | source code | public | 2006-04-25 20:53 | 2013-11-20 22:23 |
Reporter | aanriot | Assigned To | |||
Priority | normal | Severity | minor | Reproducibility | always |
Status | closed | Resolution | fixed | ||
Fixed in Version | 2006 | ||||
Summary | 0000217: remove old functionality for CSR | ||||
Description | account.php?id=45 and id=46 implement the same functionality as id=10 and id=11. As they are using the same session variables but different verification methods and a different implementation, this may lead to unforeseen behaviour of the site. Currently I see no possible exploit, but it should be possible to use id=45 to initialise $_SESSION['_config']['0.CN'] and then use id=11 to process a nonexistent CSR file, circumventing if($_SESSION['_config']['0.CN'] == "" [...] { [...] exit; } Recommendation: id=45 and id=46 should be removed as they are not used anyway. At least block access for normal users. | ||||
Tags | No tags attached. | ||||
Reviewed by | |||||
Test Instructions | |||||
Date Modified | Username | Field | Change |
---|---|---|---|
2006-04-25 20:53 | | New Issue | |
2006-08-14 16:10 | duane | Status | new => needs work |
2006-08-14 16:10 | duane | Assigned To | => bluec |
2006-08-14 16:11 | duane | Status | needs work => solved? |
2006-08-14 16:11 | duane | Fixed in Version | => production |
2006-08-14 16:11 | duane | Resolution | open => fixed |
2006-08-14 16:11 | duane | Note Added: 0000454 | |
2007-10-24 06:17 | evaldo | Reporter | bluec => aanriot |
2007-10-24 06:17 | evaldo | Assigned To | bluec => |
2007-10-24 06:17 | evaldo | Status | solved? => closed |
2013-01-14 08:12 | Werner Dworak | Fixed in Version | => 2006 |
2013-11-20 22:23 | NEOatNHNG | View Status | private => public |