Opened 16 years ago

Closed 16 years ago

#118 closed defect (fixed)

Security hole in ximpersonate.php allows domain admins to administer other domains

Reported by: rjl
Owned by: rjl
Priority: high
Milestone: 1.0.0 RC6
Component: PHP scripts
Version: 1.0.0 RC5
Severity: major
Keywords: ximpersonate.php impersonate


Chris Wopat recently reported a small but significant vulnerability in ximpersonate.php, in which calling the page directly with forged URL arguments (e.g. ximpersonate.php?id=x) allows domain administrators to impersonate users from any domain, including the domain-default and system-default users. This occurs because ximpersonate.php is only checking to make sure the user is an administrator, and not that he has privileges over the specific user being impersonated.
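As an added illustration (not the project's own ximpersonate.php; the user table layout, the `domains`/`is_superadmin` fields and the sample data are assumptions), the admin-only check the ticket describes next to one that also verifies the caller's scope over the target user:

```php
<?php
// Constructed stand-in for the users table: id => login and owning domain.
// An empty domain marks a system-default account that belongs to no domain.
$users = [
    7  => ['login' => 'alice',      'domain' => 'example.org'],
    12 => ['login' => 'bob',        'domain' => 'example.net'],
    1  => ['login' => 'postmaster', 'domain' => ''],
];

// The check as the ticket describes it: only "is the caller an admin?" is
// verified, so any admin can supply any ?id= value and be granted access.
function can_impersonate_vulnerable(array $admin, int $targetId, array $users): bool
{
    return $admin['is_admin'] && isset($users[$targetId]);
}

// Object-level check: the target must exist and lie inside a domain the caller
// administers; domain-less (system-default) accounts are out of reach for
// domain admins, and only a superadmin keeps unrestricted scope.
function can_impersonate(array $admin, int $targetId, array $users): bool
{
    if (!$admin['is_admin'] || !isset($users[$targetId])) {
        return false;
    }
    if ($admin['is_superadmin']) {
        return true;
    }
    $targetDomain = $users[$targetId]['domain'];
    if ($targetDomain === '') {
        return false;
    }
    return in_array($targetDomain, $admin['domains'], true);
}

// Constructed caller: a domain admin for example.org only.
$admin = ['is_admin' => true, 'is_superadmin' => false, 'domains' => ['example.org']];

// A forged request such as ximpersonate.php?id=12 targets a user in example.net.
$id = isset($_GET['id']) ? (int) $_GET['id'] : 12;

var_dump(can_impersonate_vulnerable($admin, $id, $users));
var_dump(can_impersonate($admin, $id, $users));

if (!can_impersonate($admin, $id, $users)) {
    http_response_code(403);
    exit('Not permitted to impersonate this user');
}
// ... only here would the session be switched to $users[$id] ...
```

The first var_dump shows the hole (the scope-less check accepts the request); the second shows the same request refused once the target's domain is compared against the admin's own.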

Change History (1)
