[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-security] MAJOR UNSOLVED BUG IN THE GUI(WEBPANEL) COBALT-550

Subject: [cobalt-security] MAJOR UNSOLVED BUG IN THE GUI(WEBPANEL) COBALT-550
From: "alex" <alex@xxxxxxxxxxxxxxxxx>
Date: Fri, 6 Jun 2003 19:00:42 +0200
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

MAJOR UNSOLVED BUG IN THE GUI(WEBPANEL) COBALT-550

I sent a radiance to SUN two months ago and Sun engineers haven't solved
this problem.

I think that problem know is known by many people but it is not solved

If you are an adminsite you can acces to all the adminsite accounts of the
server, you only have to change the url variable.
I'm going to give you an example:

I'm the adminsite of domain.com, I acces the GUI SITE ADMIN and the url that
i have in the browser is:

https://www.domain.net:81/nav/cList.php?root=sitemanageRoot&group=site13&hostname=www.domain.net&goto=base_userList

If I change the site number from site13  to 12 then i'll be the
administrator of site12.

Anyone knows how to solve it?

Thank

Follow-Ups:
- RE: [cobalt-security] MAJOR UNSOLVED BUG IN THE GUI(WEBPANEL) COBALT-550
  - From: Jamie - Serverstream

Prev by Date: [cobalt-security] MySQL
Next by Date: RE: [cobalt-security] MAJOR UNSOLVED BUG IN THE GUI(WEBPANEL) COBALT-550
Previous by thread: [cobalt-security] MySQL
Next by thread: RE: [cobalt-security] MAJOR UNSOLVED BUG IN THE GUI(WEBPANEL) COBALT-550

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index