Prevent SSO fixation attacks against WebGUI by modifying Operation/SSO to log the user in as the user with a different session, and to require a flag in the config file to enable it. This feature will be removed in WebGUI 8. Fixes bug #12004.
This commit is contained in:
Colin Kuskie
parent
c65fd1946a
commit
6f34c25e82
4 changed files with 20 additions and 3 deletions
|
|
@ -27,6 +27,7 @@
|
|||
- fixed #11976: Use Container URL in search gives user Permission Denied
|
||||
- fixed #11985: Search.pl should warn on bad assets
|
||||
- fixed #12008: Activity CleanLoginHistory is too slow
|
||||
- fixed #12004: SSO operation vulnerable to session fixation attacks
|
||||
|
||||
7.10.6
|
||||
- fixed #11974: Toolbar icons unclickable in Webkit using HTML5
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue