Task #8083 (closed)
Opened 12 years ago
Closed 12 years ago
Bug: Potential session hijacking vulnerability
Reported by: | cxallan | Owned by: | atarkowska |
---|---|---|---|
Priority: | blocker | Milestone: | OMERO-4.4 |
Component: | Web | Version: | n.a. |
Keywords: | n.a. | Cc: | omero-team@… |
Resources: | n.a. | Referenced By: | n.a. |
References: | n.a. | Remaining Time: | 0.0d |
Sprint: | 2012-03-13 (10) |
Description
There is a method dbg_connectors() exposed via the webgateway application which could lead to session hijacking by decoding the data available via this debug method. It should be removed. Reference branch:
Change History (2)
comment:1 Changed 12 years ago by jburel
- Sprint changed from 2012-02-28 (9) to 2012-03-13 (10)
comment:2 Changed 12 years ago by atarkowska
- Remaining Time changed from 0.1 to 0
- Resolution set to fixed
- Status changed from new to closed
Note: See
TracTickets for help on using
tickets.
You may also have a look at Agilo extensions to the ticket.
Moved from sprint 2012-02-28 (9)