View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update
0000070 | ClearOS | clearos-framework | public | 2010-04-08 20:57 | 2010-07-20 12:42
Reporter | bchambers
Assigned To |
Priority | normal | Severity | minor | Reproducibility | always
Status | closed | Resolution | fixed
Platform | OS | OS Version
Product Version | 5.1
Target Version | 5.2 | Fixed in Version | 5.2
Summary | 0000070: Selecting root or user password with < or > characters prevents webconfig login
Description | < and > are valid characters for a password that can be used to select the root password during installation and (possibly, not verified) used when creating user accounts or resetting a password. /var/webconfig/gui/Webconfig.inc.php has a "WebCheckFormVariables" method which barfs "Invalid form variable" when it sees a < or >. This makes logging into webconfig impossible.
Additional Information | To duplicate, set the root password to something like: bob>123 using the passwd utility. Then, try logging in to webconfig as root.
Tags | No tags attached.
Attached Files |
Relationships |

Notes
(0000174) user2 2010-06-09 11:49

Source Code Changelog
---------------------------------------------------
- Created a workaround for basic XSS check and logins [fixed tracker 0000070]

File Changes
---------------------------------------------------
U legacy/webconfig/trunk/gui/Webconfig.inc.php
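
The failure described in this issue, as an added example that is not ClearOS code: a blanket `<`/`>` check applied to every form field, next to a version that exempts the password field. The function names, field names and the 256-byte limit are assumptions made for the illustration, not the contents of Webconfig.inc.php or of the committed workaround.

```php
<?php
// Added illustration; all names here are hypothetical, not ClearOS code.

// Blanket check of the kind the report describes: any "<" or ">" in any
// submitted field is rejected, so a valid password such as "bob>123" is
// refused before authentication is ever attempted.
function check_form_blanket(array $form): array
{
    $errors = [];
    foreach ($form as $name => $value) {
        if (is_string($value) && preg_match('/[<>]/', $value)) {
            $errors[] = "Invalid form variable: $name";
        }
    }
    return $errors;
}

// Narrowed check: credential fields skip the character filter because they
// are only hashed or compared, never echoed into a page. They still get a
// type check, a length bound (assumed value) and a NUL-byte check.
function check_form_narrowed(array $form, array $secretFields = ['password']): array
{
    $errors = [];
    foreach ($form as $name => $value) {
        if (!is_string($value)) {
            $errors[] = "Invalid form variable: $name";
            continue;
        }
        if (in_array($name, $secretFields, true)) {
            if ($value === '' || strlen($value) > 256 || strpos($value, "\0") !== false) {
                $errors[] = "Invalid form variable: $name";
            }
            continue;
        }
        if (preg_match('/[<>]/', $value)) {
            $errors[] = "Invalid form variable: $name";
        }
    }
    return $errors;
}

// Constructed sample input: the password from the report, plus a request
// that puts markup in a field that is not a credential.
$login = ['username' => 'root', 'password' => 'bob>123'];
$probe = ['username' => '<script>', 'password' => 'bob>123'];

// Print the errors each check collects for each input.
var_dump(check_form_blanket($login), check_form_narrowed($login), check_form_narrowed($probe));
```

The error strings name the field only, so a rejected password value is never written to the response or a log.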

Issue History
Date Modified | Username | Field | Change |
2010-04-08 20:57 | bchambers | New Issue | |
2010-04-10 11:12 | user2 | Relationship added | related to 0000012 |
2010-04-10 11:12 | user2 | Severity | major => minor |
2010-04-10 11:12 | user2 | Status | new => confirmed |
2010-04-29 12:34 | user2 | Checkin | |
2010-04-29 12:34 | user2 | Note Added: 0000098 | |
2010-04-29 12:35 | user2 | Note Deleted: 0000098 | |
2010-06-09 11:49 | user2 | Checkin | |
2010-06-09 11:49 | user2 | Note Added: 0000174 | |
2010-06-09 11:49 | user2 | Status | confirmed => resolved |
2010-06-09 11:49 | user2 | Resolution | open => fixed |
2010-06-09 11:50 | user2 | Fixed in Version | => 5.2 |
2010-06-09 11:50 | user2 | Target Version | => 5.2 |
2010-07-20 12:42 | user2 | Status | resolved => closed |