
Task #8083 (closed)

Opened 12 years ago

Closed 12 years ago

Bug: Potential session hijacking vulnerability

Reported by: cxallan Owned by: atarkowska
Priority: blocker Milestone: OMERO-4.4
Component: Web Version: n.a.
Keywords: n.a. Cc: omero-team@…
Resources: n.a. Referenced By: n.a.
References: n.a. Remaining Time: 0.0d
Sprint: 2012-03-13 (10)

Description

There is a method dbg_connectors() exposed via the webgateway application which could lead to session hijacking by decoding the data available via this debug method. It should be removed. Reference branch:

Change History (2)

comment:1 Changed 12 years ago by jburel

  • Sprint changed from 2012-02-28 (9) to 2012-03-13 (10)

Moved from sprint 2012-02-28 (9)

comment:2 Changed 12 years ago by atarkowska

  • Remaining Time changed from 0.1 to 0
  • Resolution set to fixed
  • Status changed from new to closed