oss-sec mailing list archives
Re: CVE Request -- Sahana -- v0.6.2.2 -- Authentication bypass via "acl_enable_acl" URLs
From: "Steven M. Christey" <coley () linus mitre org>
Date: Tue, 30 Mar 2010 16:03:14 -0400 (EDT)
On Fri, 19 Mar 2010, Jan Lieskovsky wrote:
Christopher showed: [1] http://archives.neohapsis.com/archives/bugtraq/2010-03/0156.html a deficiency in the way, Sahana disaster management system performed user authentication. Visiting a certain URL would allow an attacker to view (and potentially modify) information, which should be otherwise protected by authentication.
Use CVE-2010-1191 - Steve
Current thread:
- CVE Request -- Sahana -- v0.6.2.2 -- Authentication bypass via "acl_enable_acl" URLs Jan Lieskovsky (Mar 19)
- Re: CVE Request -- Sahana -- v0.6.2.2 -- Authentication bypass via "acl_enable_acl" URLs Steven M. Christey (Mar 30)