Openbravo Issue Tracking System - Openbravo ERP | |||||
| View Issue Details | |||||
| ID | Project | Category | View Status | Date Submitted | Last Update |
| 0002819 | Openbravo ERP | C. Security | public | 2008-04-07 16:25 | 2008-06-19 19:43 |
| Reporter | user71 | ||||
| Assigned To | alostale | ||||
| Priority | normal | Severity | minor | Reproducibility | always |
| Status | closed | Resolution | fixed | ||
| Platform | OS | 5 | OS Version | ||
| Product Version | |||||
| Target Version | Fixed in Version | 2.40alpha-r2 | |||
| Merge Request Status | |||||
| Review Assigned To | |||||
| OBNetwork customer | No | ||||
| Web browser | |||||
| Modules | Core | ||||
| Support ticket | |||||
| Regression level | |||||
| Regression date | |||||
| Regression introduced in release | |||||
| Regression introduced by commit | |||||
| Triggers an Emergency Pack | No | ||||
| Summary | 0002819: Security flaw in users setup | ||||
| Description | ubuntu 7.10 postgres 8.2.6 JDK 1.5 Tomcat 5.5 Openbravo 2.35 MP1 After creating a new client, log in as newclientAdmin Go to General setup->Security->User Click on the grid to view existing users. In addition to newclientAdmin and newclientUser both Openbravo and system are displayed. Select Openbravo, click the password icon and change the password. Logout and login as Openbravo, click the user info icon and you are able to change your role to any client on the system. Oops. Kind regards, Andrew. | ||||
| Steps To Reproduce | |||||
| Proposed Solution | |||||
| Additional Information | |||||
| Tags | No tags attached. | ||||
| Relationships | |||||
| Attached Files | |||||
| Issue History | |||||
| Date Modified | Username | Field | Change | ||
| 2008-06-19 19:43 | psarobe | Status | resolved => closed | ||
| Notes | |||||
|
|
|||||
|
|
||||
|
|
|||||
|
|
||||