[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [cobalt-users] Raq550: Serious Security Issue
- Subject: RE: [cobalt-users] Raq550: Serious Security Issue
- From: "Tolentino, Elmer" <etolentino@xxxxxxxxx>
- Date: Mon Mar 31 08:31:01 2003
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
> -----Original Message-----
> From: John D. Gorena [mailto:Support@xxxxxxxxxxxxxxxxxxx]
> Sent: Monday, March 31, 2003 8:21 AM
> To: cobalt-users@xxxxxxxxxxxxxxx
> Subject: Re: [cobalt-users] Raq550: Serious Security Issue
>
>
>
>
> "John D. Gorena" wrote:
> >
> > One of my virtual hosting clients informed me that he can
> see any site Administrator login.
> >
> > After he logs into his site at www.domainname.com/login, he
> then can change the Site number in the
> > URL and see another site's administrative GUI console.
> With full administrative privileges too.
> >
> > I tried this on two different Raq550's. Both have all the
> updates. Both allow me to cross the
> > access areas with no problems. Has anyone else reported
> this and is there a fix in the works? Is
> > there a fix now?
> >
> > John
> >
>
>
> In additions to the above... They have viewing rights but
> can't create a new user.
>
I would imagine because they do not belong to the site# group, but I would not want any siteadm of another site to see the other.
> John
>
> _____________________________________
> cobalt-users mailing list
> cobalt-users@xxxxxxxxxxxxxxx
> To subscribe/unsubscribe, or to SEARCH THE ARCHIVES, go to:
> http://list.cobalt.com/mailman/listinfo/cobalt-users
>