security concern

Project: RUcore dlr/EDIT
Version: 5.1.2
Component: Code
Category: bug report
Priority: normal
Assigned: triggs
Status: closed
Description

We were able to edit and save changes without authenticating in dlr/EDIT. Big problem. Bigger problem is I don't know what other components of dlr/EDIT have this same issue. If someone were to construct the proper URLs they could do pretty serious damage.

I am unable to isolate this issue to one or a few pages in dlr/EDIT. Some pages require login while others don't. NJEdge/NJVid is also affected by this security concern.

This is an issue on lefty64 as well as MSS3. We need to decide whether to address this in this release or to find a better/permanent solution in R5.2.

Comments

#1

Assigned to: rjantz » triggs

There are still problems. I found the following two links still don't ask for authentication.

removed links.

#2

Status: active » fixed

Done.

#3

Status: fixed » closed

Done some time ago.
