SiT! Bugs

ID: 0000121
Project: SiT!
Category: reports
View Status: public
Date Submitted: 2008-07-18 15:53
Last Update: 2008-07-22 15:08
Reporter: ivan
Assigned To: ivan
Priority: immediate
Severity: block
Reproducibility: always
Status: closed
Resolution: fixed
Product Version: 3.35
Target Version: 3.36
Fixed in Version: 3.36
Summary: 0000121: QBE report can reveal sensitive information
Description: Although the QBE report is protected by requiring report permission (67) to run, most users do already have this permission.

The report is not discriminating about what tables you can report on, which is not good really; it means that potentially the MD5 version of other people's passwords can be viewed, and these could then potentially be cracked by looking them up in online MD5 dictionaries.

- Notes
(0000041)
ivan (administrator)
2008-07-18 16:20

Fixed in svn trunk r3843 and ported to 3.36 branch (r3844)
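
One way to limit a query-by-example report to approved tables and columns, so that a request for the password hashes described above is refused. This is an added example, not SiT!'s code and not the change committed in r3843; the function name qbe_build_query, the QBE_ALLOWED list and all table and column names are hypothetical.

```php
<?php
// Hypothetical allowlist of reportable tables and columns. The names are
// constructed for illustration and are not SiT!'s real schema.
const QBE_ALLOWED = [
    'incidents' => ['id', 'title', 'status', 'opened'],
    'sites'     => ['id', 'name', 'city'],
];

// Build a parameterised SELECT for a QBE request, or throw when the request
// names a table or column outside the allowlist.
// $criteria maps column => value (equality matches only).
function qbe_build_query(string $table, array $columns, array $criteria): array
{
    if (!array_key_exists($table, QBE_ALLOWED)) {
        throw new InvalidArgumentException("table not reportable: $table");
    }
    $allowed = QBE_ALLOWED[$table];
    // Selected columns and filter columns must both be approved: filtering
    // on a hidden column would leak its contents one guess at a time.
    foreach (array_merge($columns, array_keys($criteria)) as $col) {
        if (!in_array($col, $allowed, true)) {
            throw new InvalidArgumentException("column not reportable: $table.$col");
        }
    }
    if ($columns === []) {
        $columns = $allowed; // "all columns" means all approved columns, never *
    }
    $sql = 'SELECT `' . implode('`, `', $columns) . "` FROM `$table`";
    // Values are bound as parameters, never concatenated into the SQL text.
    $where = array_map(fn($c) => "`$c` = ?", array_keys($criteria));
    if ($where !== []) {
        $sql .= ' WHERE ' . implode(' AND ', $where);
    }
    return [$sql, array_values($criteria)];
}

// Constructed requests: one legitimate, two that must be refused.
$requests = [
    ['incidents', ['id', 'title'], ['status' => 'open']],
    ['users', ['username', 'password'], []],
    ['incidents', ['id'], ['password' => 'x']],
];
foreach ($requests as [$table, $columns, $criteria]) {
    try {
        [$sql, $params] = qbe_build_query($table, $columns, $criteria);
        echo "OK   $sql ", json_encode($params), "\n";
    } catch (InvalidArgumentException $e) {
        echo "DENY ", $e->getMessage(), "\n";
    }
}
```

The report permission check (67) would still run before this function; the allowlist decides what a permitted user may see.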

- Issue History
Date Modified Username Field Change
2008-07-18 15:53 ivan New Issue
2008-07-18 15:56 ivan Status new => confirmed
2008-07-18 15:58 ivan Status confirmed => assigned
2008-07-18 15:58 ivan Assigned To => ivan
2008-07-18 16:20 ivan Note Added: 0000041
2008-07-18 16:20 ivan Status assigned => resolved
2008-07-18 16:20 ivan Fixed in Version => 3.36
2008-07-18 16:20 ivan Resolution open => fixed
2008-07-22 15:08 ivan Status resolved => closed