[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] directory .htaccess problem
- Subject: Re: [cobalt-security] directory .htaccess problem
- From: Eugene Crosser <crosser@xxxxxxxxxxx>
- Date: 18 Jan 2003 12:29:05 +0300
- Organization:
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
On Fri, 2003-01-17 at 16:58, njd 76 wrote:
> Can RAQ4i people give this a try. I can get stright to my backup area
> without logging in. I dont know if you can save it or not but all my cookies
> were deleted when i tried it. Not sure if its a security hole but I perfer
> SUN would fix this minor problem.
>
> http://<server_ip>:81/cgi-bin/.cobalt/netbackup/netbackup.cgi
>
> Please let me know what you guys find out there.
It really does not request authentication. It seems that it does not
allow to change settings, though (but I did not check real hard).
There are two more directories there that have missing .htaccess. One
discloses a little piece of information. The other one (siteFPXsubweb)
has access check in the code so is not a security problem.
Eugene