SWAT

Gerald Carter gcarter at valinux.com
Sat Jul 29 07:19:04 GMT 2000


Andreas Haas wrote:
> 
> Hi,
> 
> I have found a possible bug in SWAT.
> It was possible to view all the SWAT pages without
> providing a user/password.

Strange, I have to be authenticated to get any pages.
Perhaps something is misconfigured in your setup?
Or maybe IE has cached some information for you?

> A login dialog appears every time you are accessing
> a page but if you go back and forward a page using
> the Buttons of MS IE 5.0 you are able to see the
> whole configuration.
> 
> I was not able to change anything but the knowledge
> of which users exist could be an advantage to an attacker.

How do you get a list of users this way (even if
I could get a non-authenticated connection)?  Not
clear to me....






Cheers,
jerry
----------------------------------------------------------------------
   /\  Gerald (Jerry) Carter                     Professional Services
 \/    http://www.valinux.com  VA Linux Systems    gcarter at valinux.com
       http://www.samba.org       SAMBA Team           jerry at samba.org
       http://www.eng.auburn.edu/~cartegw

       "...a hundred billion castaways looking for a home."
                                - Sting "Message in a Bottle" ( 1979 )


