SWAT
Gerald Carter
gcarter at valinux.com
Sat Jul 29 07:19:04 GMT 2000
Andreas Haas wrote:
>
> Hi,
>
> I have found a possible bug in SWAT.
> It was possible to view all the SWAT pages without
> providing a user/password.
Strange, I have to be authenticated to get any pages.
Perhaps something is misconfigured in your setup?
Or maybe IE has cached some information for you?
> A login dialog appears every time you are accessing
> a page but if you go back and forward a page using
> the Buttons of MS IE 5.0 you are able to see the
> whole configuration.
>
> I was not able to change anything but the knowledge
> of which users exist could be an advantage to an attacker.
How do you get a list of users this way (even if
I could get a non-authenticated connection)? Not
clear to me....
Cheers,
jerry
----------------------------------------------------------------------
/\ Gerald (Jerry) Carter Professional Services
\/ http://www.valinux.com VA Linux Systems gcarter at valinux.com
http://www.samba.org SAMBA Team jerry at samba.org
http://www.eng.auburn.edu/~cartegw
"...a hundred billion castaways looking for a home."
- Sting "Message in a Bottle" ( 1979 )