[Moin-devel] [ moin-Bugs-948103 ] SECURITY: possible way to defeat ACLs

SourceForge.net noreply at sourceforge.net
Thu May 6 12:49:04 EDT 2004


Bugs item #948103, was opened at 2004-05-05 02:25
Message generated for change (Comment added) made by thomaswaldmann
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=108482&aid=948103&group_id=8482

Category: None
Group: None
>Status: Closed
Resolution: None
Priority: 5
Submitted By: Michael Castleman (mlc)
Assigned to: Nobody/Anonymous (nobody)
Summary: SECURITY: possible way to defeat ACLs

Initial Comment:
Suppose that you have a group called AdminGroup with
special privileges. An attacker can then create a
*user* called AdminGroup and gain those privileges.

The workaround is for the site admin to create an
account called AdminGroup and forget the password, but
a better solution would be for MoinMoin to forbid
creation of accounts which match the page_group_regex. I
can read Python but not write it, otherwise I'd fix
this bug myself. Shouldn't be too hard, though.

----------------------------------------------------------------------

>Comment By: Thomas Waldmann (thomaswaldmann)
Date: 2004-05-06 21:47

Message:
Logged In: YES 
user_id=100649

Fixed in arch branch moin--main--1.2.

Will also be in 1.2.2, when it is released.

Thanks for reporting!


----------------------------------------------------------------------
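
Added example, not part of the tracker thread and not MoinMoin's own code: a simplified Python model of the user/group name collision described in the report, together with the account-creation check the reporter proposes. The ACL table, group membership, function names and the page_group_regex value are assumptions made for illustration.

```python
import re

# Assumed value for illustration; use the wiki's configured page_group_regex.
PAGE_GROUP_REGEX = r"[a-z]Group$"

# Constructed sample data: one group page and an ACL keyed by bare names.
GROUPS = {"AdminGroup": {"AliceAdmin"}}
ACL = [("AdminGroup", {"read", "write", "admin"}), ("All", {"read"})]


def rights_for(username):
    """Simplified ACL lookup: an entry matches a user name OR a group name.

    Users and groups share one namespace here, so an account literally named
    like a group matches the group's entry without being a member of it.
    """
    for entry, rights in ACL:
        if entry == "All" or entry == username or username in GROUPS.get(entry, ()):
            return rights
    return set()


def is_valid_username(name, group_regex=PAGE_GROUP_REGEX):
    """Reject account names that could be mistaken for a group page name."""
    name = name.strip()
    if not name:
        return False
    return re.search(group_regex, name) is None


def create_account(name, accounts):
    """Register a name only if it passes the group-name check."""
    if not is_valid_username(name):
        raise ValueError("user name %r matches the group page pattern" % name)
    name = name.strip()
    accounts.add(name)
    return name


if __name__ == "__main__":
    # Without the check, the colliding name inherits the group's rights.
    print(sorted(rights_for("AdminGroup")))   # group rights, no membership
    print(sorted(rights_for("BobUser")))      # ordinary rights
    print(is_valid_username("AdminGroup"))    # rejected at registration
```

Existing accounts created before such a check is deployed still need a one-time audit against the same pattern.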
