ID | Project | Category | View Status | Date Submitted | Last Update
0000121 | SiT! | reports | public | 2008-07-18 15:53 | 2008-07-22 15:08
Reporter | ivan
Assigned To | ivan
Priority | immediate | Severity | block | Reproducibility | always
Status | closed | Resolution | fixed
Platform | OS | OS Version
Product Version | 3.35
Target Version | 3.36 | Fixed in Version | 3.36
Summary | 0000121: QBE report can reveal sensitive information
Description | Although the QBE report is protected by requiring report permission (67) to run, most users do already have this permission. The report is not discriminating about what tables you can report on, which is not good really; it means that potentially the MD5 versions of other people's passwords can be viewed, and these could then potentially be cracked by looking them up in online MD5 dictionaries.
ivan (administrator) 2008-07-18 16:20
Fixed in svn trunk r3843 and ported to 3.36 branch (r3844)
Date Modified | Username | Field | Change
2008-07-18 15:53 | ivan | New Issue |
2008-07-18 15:56 | ivan | Status | new => confirmed
2008-07-18 15:58 | ivan | Status | confirmed => assigned
2008-07-18 15:58 | ivan | Assigned To | => ivan
2008-07-18 16:20 | ivan | Note Added: 0000041 |
2008-07-18 16:20 | ivan | Status | assigned => resolved
2008-07-18 16:20 | ivan | Fixed in Version | => 3.36
2008-07-18 16:20 | ivan | Resolution | open => fixed
2008-07-22 15:08 | ivan | Status | resolved => closed
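
The issue description says the report permission (67) alone does not limit which tables a report can read. As an added example (not SiT! code and not the fix from r3843), here is one way to put a table and column allowlist behind a query-by-example report; the table names, column names, function names and sample rows are all hypothetical and constructed for the demonstration.

```python
import sqlite3

REPORT_PERMISSION = 67  # permission number taken from the issue text
# Hypothetical allowlist: only these tables/columns may appear in a report.
REPORTABLE = {
    "incidents": {"id", "title", "status", "owner"},
    "users": {"id", "username"},  # the password column is deliberately absent
}

class ReportDenied(Exception):
    """Raised when a report request falls outside the allowlist."""

def build_report_query(table, columns, filters):
    """Return (sql, params) for a QBE-style request or raise ReportDenied."""
    allowed = REPORTABLE.get(table)
    if allowed is None:
        raise ReportDenied(f"table not reportable: {table!r}")
    if not columns:
        raise ReportDenied("no columns selected")
    # Filter columns are checked too: a filter on a hidden column would
    # still disclose information about it even if it is never selected.
    bad = [c for c in list(columns) + list(filters) if c not in allowed]
    if bad:
        raise ReportDenied(f"columns not reportable: {bad}")
    # Identifiers now come only from the allowlist; values are bound.
    sql = 'SELECT {} FROM "{}"'.format(", ".join(f'"{c}"' for c in columns), table)
    if filters:
        sql += " WHERE " + " AND ".join(f'"{c}" = ?' for c in filters)
    return sql, list(filters.values())

def run_report(conn, user_perms, table, columns, filters=None):
    """Check the permission, then the allowlist, then run the query."""
    if REPORT_PERMISSION not in user_perms:
        raise ReportDenied("report permission required")
    sql, params = build_report_query(table, columns, filters or {})
    return conn.execute(sql, params).fetchall()

def demo_db():
    """Constructed sample schema and rows; not the application's real schema."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE users (id INTEGER, username TEXT, password TEXT);
        CREATE TABLE incidents (id INTEGER, title TEXT, status TEXT, owner TEXT);
        INSERT INTO users VALUES (1, 'alice', 'PLACEHOLDER-HASH');
        INSERT INTO incidents VALUES (10, 'Printer offline', 'open', 'alice');
        INSERT INTO incidents VALUES (11, 'VPN drops', 'closed', 'bob');
    """)
    return conn
```

Holding the permission is necessary but not sufficient here: a request naming the `password` column, `*`, or any table outside `REPORTABLE` raises `ReportDenied` before any SQL is built.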