SiT! Bugs - SiT!
View Issue Details
0000121SiT!reportspublic2008-07-18 15:532008-07-22 15:08
ivan 
ivan 
immediateblockalways
closedfixed 
3.35 
3.363.36 
0000121: QBE report can reveal sensitive information
Although the QBE report is protected by requiring report permission (67) to run, most users do already have this permission.

The report is not discriminating about what tables you can report on, which is not good really, it means that potentially MD5 version of other peoples passwords can be viewed, and these could then potentially be cracked by looking them up in online MD5 dictionaries.
No tags attached.
Issue History
2008-07-18 15:53ivanNew Issue
2008-07-18 15:56ivanStatusnew => confirmed
2008-07-18 15:58ivanStatusconfirmed => assigned
2008-07-18 15:58ivanAssigned To => ivan
2008-07-18 16:20ivanNote Added: 0000041
2008-07-18 16:20ivanStatusassigned => resolved
2008-07-18 16:20ivanFixed in Version => 3.36
2008-07-18 16:20ivanResolutionopen => fixed
2008-07-22 15:08ivanStatusresolved => closed

Notes
(0000041)
ivan   
2008-07-18 16:20   
Fixed in svn trunk r3843 and ported to 3.36 branch (r3844)