Closed
Bug 289965
Opened 20 years ago
Closed 20 years ago
Password visible in Query string
Categories
(Bugzilla :: User Accounts, defect)
Tracking
()
VERIFIED
DUPLICATE
of bug 287436
People
(Reporter: rajesh.venkatesan, Unassigned)
Details
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.6) Gecko/20050317 Firefox/1.0.2 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.6) Gecko/20050317 Firefox/1.0.2 1. Login to Bugzilla 2. Create a tabular report 3. Copy the url for any of the resulting numbers (ex: buglist url for total number of bugs) 4. Log out 5. Paste the url in your browser 6. Put in the username and password and login 7. In the buglist page click on change columns hyper link. Now Password is visible in the URL. This is not reproducible in BMO since all the assets are available for everyone to query without logging into the application. Please try it where it is required for every one to login to system before they query/add/edit bugs. Reproducible: Always
Comment 1•20 years ago
|
||
*** This bug has been marked as a duplicate of 287436 ***
Group: webtools-security
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → DUPLICATE
Updated•20 years ago
|
Component: Query/Bug List → User Accounts
OS: Linux → All
Hardware: PC → All
Target Milestone: --- → Bugzilla 2.18
Updated•20 years ago
|
Target Milestone: Bugzilla 2.18 → ---
Updated•20 years ago
|
Status: RESOLVED → VERIFIED
Comment 2•20 years ago
|
||
The bug this is duplicate of is no longer secured, so unsecuring this one.
Group: webtools-security
You need to log in
before you can comment on or make changes to this bug.
Description
•