RemoteCP Panel

Non-unique users

Bug #747842 reported by Lars Vierbergen
256
This bug affects 1 person
Affects Status Importance Assigned to Milestone
RemoteCP Panel
Fix Released
Critical
Lars Vierbergen
RemoteCP Panel 2.0 "Rose"
RemoteCP Web
Fix Released
Critical
Lars Vierbergen
RemoteCP Web 2.0 "Rose"

Bug Description

Suppose a remote database is registered into, let's say, Panel A.
Now, someone also registers it in Panel B, another website.
All users with the same username in Panel B can also access and edit sites designated to users of Panel A.

Lars Vierbergen (vierbergenlars)
visibility: private → public
tags: added: security
Changed in remotecp-website:
status: New → Confirmed
importance: Undecided → Critical
assignee: nobody → Lars Vierbergen (vierbergenlars)
milestone: none → 2.0
Changed in remotecp-panel:
status: New → Confirmed
importance: Undecided → Critical
assignee: nobody → Lars Vierbergen (vierbergenlars)
milestone: none → 2.0
tags: added: core php
Lars Vierbergen (vierbergenlars)
visibility: public → private
visibility: private → public
Lars Vierbergen (vierbergenlars)
tags: added: database
Lars Vierbergen (vierbergenlars)
Changed in remotecp-panel:
status: Confirmed → In Progress
tags: added: remote
Lars Vierbergen (vierbergenlars)
Changed in remotecp-panel:
status: In Progress → Fix Committed
Lars Vierbergen (vierbergenlars)
Changed in remotecp-website:
status: Confirmed → In Progress
Lars Vierbergen (vierbergenlars)
Changed in remotecp-website:
status: In Progress → Fix Committed
Lars Vierbergen (vierbergenlars)
tags: added: v.1
Lars Vierbergen (vierbergenlars)
Changed in remotecp-panel:
status: Fix Committed → Fix Released
Lars Vierbergen (vierbergenlars)
Changed in remotecp-website:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.