Bug #2829
faxweb: unable to authenticate if password contains $
| Field | Value | Field | Value |
|---|---|---|---|
| Status: | CLOSED | Start date: | |
| Priority: | Normal | Due date: | |
| Assignee: | - | % Done: | 100% |
| Category: | nethserver-faxweb2 | | |
| Target version: | v6.5 | | |
| Security class: | | Resolution: | |
| Affected version: | v6.5-final | NEEDINFO: | No |
Description
If the user password contains $ login fails.
In /var/www/html/faxweb/login.php $password should be protected against var expansion:

```php
system("/var/www/html/faxweb/auth.pl '$username' '$password'", $ret);
```
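The line quoted above interpolates the raw username and password into a shell command string, so any character that is significant to the shell inside single quotes (the ticket's test cases cover `$` and `'`) changes how the command is parsed. The following is an added example, not code from nethserver-faxweb2 or from the ticket's authors: it keeps the original pattern for comparison and shows two hardened forms, `escapeshellarg()` (the approach the associated revisions describe as "shell-escape user supplied credentials") and calling the helper without a shell via `proc_open()` with an argv array. The helper path `/var/www/html/faxweb/auth.pl` is taken from the ticket; that it exists and returns exit status 0 on success is an assumption.

```php
<?php
// Added example, not part of nethserver-faxweb2. Demonstrates safe ways to
// pass user-supplied credentials to the external auth helper named in the
// ticket. Assumption: the helper exits 0 on successful authentication.
declare(strict_types=1);

const AUTH_HELPER = '/var/www/html/faxweb/auth.pl';

// Original pattern from the ticket (kept only for comparison): the values
// are pasted verbatim between single quotes, so a password such as  it's
// terminates the quoted argument early and the rest is parsed by the shell.
function buildCommandUnsafe(string $username, string $password): string
{
    return AUTH_HELPER . " '$username' '$password'";
}

// Hardened form 1: escapeshellarg() wraps each value in single quotes and
// rewrites every embedded single quote as '\'' , so the shell always sees
// exactly one argument per value regardless of $, quotes, spaces or backticks.
function buildCommandEscaped(string $username, string $password): string
{
    return AUTH_HELPER . ' '
        . escapeshellarg($username) . ' '
        . escapeshellarg($password);
}

// Hardened form 2: avoid the shell entirely. With an array as the command,
// proc_open() (PHP >= 7.4) executes the program directly and each element
// becomes one argv entry, so no quoting is needed and nothing is expanded.
// Returns the helper's exit status, or null if it could not be started.
function runAuthHelper(string $username, string $password): ?int
{
    $spec = [
        0 => ['pipe', 'r'],   // stdin
        1 => ['pipe', 'w'],   // stdout
        2 => ['pipe', 'w'],   // stderr
    ];
    $proc = proc_open([AUTH_HELPER, $username, $password], $spec, $pipes);
    if (!is_resource($proc)) {
        return null;
    }
    fclose($pipes[0]);
    // Drain output so the child cannot block on a full pipe before exiting.
    stream_get_contents($pipes[1]);
    stream_get_contents($pipes[2]);
    fclose($pipes[1]);
    fclose($pipes[2]);
    return proc_close($proc);
}

// Constructed sample credentials covering both characters the ticket's
// test cases check: "$" and the single quote.
foreach (['p$ss', "it's"] as $pw) {
    echo "password: $pw\n";
    echo "  unsafe : " . buildCommandUnsafe('admin', $pw) . "\n";
    echo "  escaped: " . buildCommandEscaped('admin', $pw) . "\n";
}
```

For the password `it's`, `escapeshellarg()` yields `'it'\''s'`, which the shell reassembles into the single literal argument `it's`; the unsafe form instead produces `'it's'`, which is what the second round of this ticket (comment #7) caught. The `proc_open()` variant is preferable where the PHP version allows it, because the credential never passes through a shell at all, and the check is simply `runAuthHelper($u, $p) === 0`.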
Associated revisions
Login: handle special chars. Refs #2829
faxweb/login.php: shell-escape user supplied credentials. Refs #2829
History
#2 Updated by Davide Principi almost 7 years ago
- Target version set to v6.5
#3 Updated by Giacomo Sanchietti almost 7 years ago
- Status changed from NEW to TRIAGED
- % Done changed from 0 to 20
#4 Updated by Giacomo Sanchietti almost 7 years ago
- Status changed from TRIAGED to ON_DEV
- Assignee set to Giacomo Sanchietti
- % Done changed from 20 to 30
- Affected version changed from v6.5 to v6.5-final
#5 Updated by Giacomo Sanchietti almost 7 years ago
- Status changed from ON_DEV to MODIFIED
- % Done changed from 30 to 60
#6 Updated by Giacomo Sanchietti almost 7 years ago
- Status changed from MODIFIED to ON_QA
- Assignee deleted (Giacomo Sanchietti)
- % Done changed from 60 to 70
Package in nethserver-testing:
- nethserver-faxweb2-1.0.5-4.0gitf9b6be17.ns6.noarch.rpm
- Enable the admin user and set a password containing the "$" character
- Try to authenticate with the user password
#7 Updated by Davide Principi almost 7 years ago
- Status changed from ON_QA to TRIAGED
- % Done changed from 70 to 20
The test case is OK but the implemented solution does not escape single quote character '.
#8 Updated by Davide Principi almost 7 years ago
- Status changed from TRIAGED to ON_DEV
- Assignee set to Davide Principi
- % Done changed from 20 to 30
#9 Updated by Davide Principi almost 7 years ago
- Status changed from ON_DEV to MODIFIED
- Assignee deleted (Davide Principi)
- % Done changed from 30 to 60
Test case
- Repeat original test case
- Check also for passwords containing single quote '
#10 Updated by Davide Principi almost 7 years ago
- Status changed from MODIFIED to ON_QA
- % Done changed from 60 to 70
In nethserver-testing:
- nethserver-faxweb2-1.0.5-4.0gitdd344b4f.ns6.noarch.rpm
- nethserver-faxweb2-1.0.5-5.0git19543d67.ns6.noarch.rpm
#11 Updated by Giacomo Sanchietti almost 7 years ago
- Assignee set to Giacomo Sanchietti
#12 Updated by Giacomo Sanchietti almost 7 years ago
- Status changed from ON_QA to VERIFIED
- Assignee deleted (Giacomo Sanchietti)
- % Done changed from 70 to 90
The bug is fixed.
#13 Updated by Davide Principi almost 7 years ago
- Status changed from VERIFIED to CLOSED
- % Done changed from 90 to 100
In nethserver-updates:
- nethserver-faxweb2-1.1.0-1.ns6.noarch.rpm