maemo.org - Talk
Page 1 of 2 1 2
Show 40 post(s) from this thread on one page

maemo.org - Talk (https://talk.maemo.org/index.php)
-   Community (https://talk.maemo.org/forumdisplay.php?f=16)
-   -   Maemo.org security vulnerability? (https://talk.maemo.org/showthread.php?t=59830)

giecsar 2010-08-06 02:06
Maemo.org security vulnerability?
 
1 Attachment(s)
I would like to bring this issue, which I believe is a vulnerability that grants people access to the administration area, to the attention of the staff members.

Basically what happens is that when I login I sometimes get access (the links appear at the top of the page) to admin areas where I can edit sensitive information, as you can see from the screenshot (attachment).

jd4200 2010-08-06 03:40
Re: Maemo.org security vulnerability?
 
Screenshot is too small.
Maybe they're going to make you the new admin :rolleyes:

ossipena 2010-08-06 04:03
Re: Maemo.org security vulnerability?
 
what sensitive information? and wtf with sometimes? those are always there when your user account has sufficient rights to access certain features of midgard. don't know if the policies are too loose though.

YoDude 2010-08-06 04:12
Re: Maemo.org security vulnerability?
 
When you select "website" on that menu at the top is "Midgard Administration UI" enabled or is it grayed out?

giecsar 2010-08-06 15:13
Re: Maemo.org security vulnerability?
 
Quote:
Screenshot is too small.
Not my fault, the website resizes the image when I upload it.

Quote:
Originally Posted by ossipena (Post 777338)
what sensitive information?
Stuff like page metadata and stuff related to administration.


Quote:
Originally Posted by ossipena (Post 777338)
and wtf with sometimes? those are always there
No. They don't always appear. Which is why I'm saying it's a bug or something.

Quote:
Originally Posted by ossipena (Post 777338)
when your user account has sufficient rights to access certain features of midgard.
Well my account has no rights at all, I'm not part of the staff.

giecsar 2010-08-06 15:28
Re: Maemo.org security vulnerability?
 
So.. apart from regular users who can't do anything about it, nobody cares? Interesting.

festivalnut 2010-08-06 15:50
Re: Maemo.org security vulnerability?
 
gimme an extra thousand 'thanks' and watch the uproar that ensues over that! :) maybe pm'ing a mod directly might be more effective for getting their attention though?

giecsar 2010-08-06 18:02
Re: Maemo.org security vulnerability?
 
Quote:
Originally Posted by festivalnut (Post 777941)
gimme an extra thousand 'thanks' and watch the uproar that ensues over that! :) maybe pm'ing a mod directly might be more effective for getting their attention though?
Hey, I'm not their security advisor. The mods should be checking out every thread anyway. If they don't care, I'm not going to bother PM'ing them.

HellFlyer 2010-08-06 18:25
Re: Maemo.org security vulnerability?
 
Yesterday I saw Reggie viewing this thread ,he didnt respond hence there is nothing to worry about :)

Jaffa 2010-08-08 10:19
Re: Maemo.org security vulnerability?
 
Quote:
Originally Posted by giecsar (Post 777903)
Not my fault, the website resizes the image when I upload it.
Then can you please do one of:
  1. Attach it to a new bug report, including details of what you did to get there; the username you've logged on with and a series of screenshots showing each expanded menu entry.
  2. Crop it and re-attach.

(1) would be the most productive, FWIW.

Quote:
Originally Posted by HellFlyer (Post 778086)
Yesterday I saw Reggie viewing this thread ,he didnt respond hence there is nothing to worry about :)
Reggie has no control over the Midgard portion of maemo.org.


All times are GMT. The time now is 19:30.
Page 1 of 2 1 2
Show 40 post(s) from this thread on one page

vBulletin® Version 3.8.8