ID | 0002819
Type | defect
Category | [Openbravo ERP] C. Security
Severity | minor
Reproducibility | always
Date Submitted | 2008-04-07 16:25
Last Update | 2008-06-19 19:43
Reporter | user71
View Status | public
Assigned To | alostale
Priority | normal
Resolution | fixed
Fixed in Version | 2.40alpha-r2
Status | closed
Projection | none
ETA | none
OS | Any
Database | Any
OBNetwork customer | No
Modules | Core
Triggers an Emergency Pack | No
Summary | 0002819: Security flaw in users setup
Description |
Ubuntu 7.10, Postgres 8.2.6, JDK 1.5, Tomcat 5.5, Openbravo 2.35 MP1

After creating a new client, log in as newclientAdmin.
Go to General setup->Security->User.
Click on the grid to view existing users. In addition to newclientAdmin and newclientUser, both Openbravo and system are displayed.
Select Openbravo, click the password icon and change the password.
Log out and log in as Openbravo, click the user info icon and you are able to change your role to any client on the system.

Oops.

Kind regards,
Andrew.

Tags | No tags attached.
(0003460) alostale (viewer) 2008-05-12 12:19 edited on: 2008-06-12 09:25
The security review project solves this issue: the Openbravo user is now visible but not editable, so the password is not changeable.
(0006408) user71 2005-06-01 00:00 edited on: 2008-06-12 09:43
This bug was originally reported in the SourceForge bug tracker and then migrated to Mantis. You can see the original bug report at: https://sourceforge.net/support/tracker.php?aid=1936766
Date Modified | Username | Field | Change
2008-06-19 19:43 | psarobe | Status | resolved => closed