[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] Re: Security Alert on MIPS based Cobalts
- Subject: Re: [cobalt-security] Re: Security Alert on MIPS based Cobalts
- From: Malcolm McLeary <mmcleary@xxxxxxx>
- Date: Sun, 08 Oct 2000 10:39:48 +1100
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
on 8/10/00 8:11 AM, Rod Todd at rodd_todd_1999@xxxxxxxxx wrote:
> My favorite on the Qubes :
> www.domain.com:81/.cobalt/groupList
> It shows all the groups and if you click on a group,
> it shows you who all the names of members.
This is really bad!
http://www.domain.com:81/.cobalt/groupList/
presents this page without a password prompt, while
http://www.domain.com:81/.cobalt/sysManage/
prompts for a username and password.
There must be a relatively easy fix to this because my Gateway Microserver
does not have this problem ... it prompts for a password for both of these
URLs.
Anyone know if this is fixed in any OS Updates or Security Patches?
Would a .htaccess file restricting access to admin work?
Cheers, Malcolm