| View Issue Details | ||||||||
| ID | Project | Category | Date Submitted | Last Update | |||||
| 0007031 | Website/Forum/Bug Tracker Ideas | Bug - Other | Apr 10, 2012 10:45 pm | Apr 11, 2012 7:55 am | |||||
| Reporter | TechSY730 | ||||||||
| Assigned To | |||||||||
| Severity | major | ||||||||
| Status | closed | Resolution | no change required | ||||||
| Summary | 0007031: Priority can still be changed via "backdoor" means | ||||||||
| Description | As seen in issue 0000824 (although many others were hit), there has been a successful "permissions bypass" to edit the priority field even though it was supposedly disabled. Marked as major as there is a risk that this type of attack could possibly be used to edit other, more important fields (like status or internal developer priority). | ||||||||
| Tags | No tags attached. | ||||||||
| Internal Weight | New | ||||||||
| Attached Files | |||||||||
Notes |
|
|
(0021927) TechSY730 (reporter) Apr 10, 2012 10:52 pm |
If I had to guess how he pulled it off, I would say either constructing a URL or forging POST requests that could not have come from the actual web-page. |
|
|
| Supporters: | No one explicitly supports this issue yet. |
| Opponents: | No one explicitly opposes this issue yet. |
Issue History |
|||
| Date Modified | Username | Field | Change |
| Apr 10, 2012 10:45 pm | TechSY730 | New Issue | |
| Apr 10, 2012 10:52 pm | TechSY730 | Note Added: 0021927 | |
| Apr 11, 2012 7:55 am | tigersfan | Internal Weight | => New |
| Apr 11, 2012 7:55 am | tigersfan | Status | new => closed |
| Apr 11, 2012 7:55 am | tigersfan | Resolution | open => no change required |
| Copyright © 2000 - 2011 MantisBT Group |