| Anonymous | Login | 2024-11-21 01:37 MST |
| Main | My View | View Issues | Change Log | Roadmap | Repositories |
| View Issue Details [ Jump to Notes ] | [ Issue History ] [ Print ] | ||||||||
| ID | Project | Category | View Status | Date Submitted | Last Update | ||||
| 0000070 | ClearOS | clearos-framework | public | 2010-04-08 20:57 | 2010-07-20 12:42 | ||||
| Reporter | bchambers | ||||||||
| Assigned To | |||||||||
| Priority | normal | Severity | minor | Reproducibility | always | ||||
| Status | closed | Resolution | fixed | ||||||
| Platform | OS | OS Version | |||||||
| Product Version | 5.1 | ||||||||
| Target Version | 5.2 | Fixed in Version | 5.2 | ||||||
| Summary | 0000070: Selecting root or user password with < or > characters prevents webconfig login | ||||||||
| Description | < and > are valid characters for a password that can be used to select the root password during installation and (possibly, not verified) used when creating user accounts or resetting a password. /var/webconfig/gui/Webconfig.inc.php has a "WebCheckFormVariables" method which barfs "Invalid form variable" when it sees a < or >. This makes logging into webconfig impossible. | ||||||||
| Additional Information | To duplicate, set root password to something like: bob>123 using passwd utility. Then, try logging to webconfig as root. | ||||||||
| Tags | No tags attached. | ||||||||
| Attached Files | |||||||||
 Relationships |
||||||
|
||||||
 Relationships |
|
Notes |
|
|
(0000174) user2 2010-06-09 11:49 |
Source Code Changelog --------------------------------------------------- - Created a workaround for basic XSS check and logins [fixed tracker 0000070] File Changes --------------------------------------------------- U legacy/webconfig/trunk/gui/Webconfig.inc.php |
|
Notes |
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 2010-04-08 20:57 | bchambers | New Issue | |
| 2010-04-10 11:12 | user2 | Relationship added | related to 0000012 |
| 2010-04-10 11:12 | user2 | Severity | major => minor |
| 2010-04-10 11:12 | user2 | Status | new => confirmed |
| 2010-04-29 12:34 | user2 | Checkin | |
| 2010-04-29 12:34 | user2 | Note Added: 0000098 | |
| 2010-04-29 12:35 | user2 | Note Deleted: 0000098 | |
| 2010-06-09 11:49 | user2 | Checkin | |
| 2010-06-09 11:49 | user2 | Note Added: 0000174 | |
| 2010-06-09 11:49 | user2 | Status | confirmed => resolved |
| 2010-06-09 11:49 | user2 | Resolution | open => fixed |
| 2010-06-09 11:50 | user2 | Fixed in Version | => 5.2 |
| 2010-06-09 11:50 | user2 | Target Version | => 5.2 |
| 2010-07-20 12:42 | user2 | Status | resolved => closed |
|
Issue History |