RE: [cobalt-users] Raq550: Serious Security Issue

["Network Operations" <admin@xxxxxxxx>]

I would imagine your site admins are thinking the same thing !!

Wondering who is looking at their stuff!

John

-----Original Message-----
From: cobalt-users-admin@xxxxxxxxxxxxxxx
[mailto:cobalt-users-admin@xxxxxxxxxxxxxxx] On Behalf Of Tolentino,
Elmer
Sent: Monday, March 31, 2003 11:22 AM
To: cobalt-users@xxxxxxxxxxxxxxx
Subject: RE: [cobalt-users] Raq550: Serious Security Issue




> -----Original Message-----
> From: John D. Gorena [mailto:Support@xxxxxxxxxxxxxxxxxxx]
> Sent: Monday, March 31, 2003 8:21 AM
> To: cobalt-users@xxxxxxxxxxxxxxx
> Subject: Re: [cobalt-users] Raq550: Serious Security Issue
> 
> 
> 
> 
> "John D. Gorena" wrote:
> > 
> > One of my virtual hosting clients informed me that he can 
> see any site Administrator login.
> > 
> > After he logs into his site at www.domainname.com/login, he 
> then can change the Site number in the
> > URL and see another site's administrative GUI console.  
> With full administrative privileges too.
> > 
> > I tried this on two different Raq550's.  Both have all the 
> updates.  Both allow me to cross the
> > access areas with no problems.  Has anyone else reported 
> this and is there a fix in the works?  Is
> > there a fix now?
> > 
> > John
> > 
> 
> 
> In additions to the above... They have viewing rights but 
> can't create a new user.
> 

I would imagine because they do not belong to the site# group, but I
would not want any siteadm of another site to see the other.

> John
> 
> _____________________________________
> cobalt-users mailing list
> cobalt-users@xxxxxxxxxxxxxxx
> To subscribe/unsubscribe, or to SEARCH THE ARCHIVES, go to:
> http://list.cobalt.com/mailman/listinfo/cobalt-users
> 

_____________________________________
cobalt-users mailing list
cobalt-users@xxxxxxxxxxxxxxx
To subscribe/unsubscribe, or to SEARCH THE ARCHIVES, go to:
http://list.cobalt.com/mailman/listinfo/cobalt-users