[jira] Updated: (GERONIMO-3404) Using a Null Username allows access to a running 2.0 server

Donald Woods (JIRA) Tue, 25 Sep 2007 12:23:18 -0700

     [ 
https://issues.apache.org/jira/browse/GERONIMO-3404?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Donald Woods updated GERONIMO-3404:
-----------------------------------

    Affects Version/s: 2.1
        Fix Version/s:     (was: 2.0.x)
                           (was: 2.0)
                       2.0.1

> Using a Null Username allows access to a running 2.0 server
> -----------------------------------------------------------
>
>                 Key: GERONIMO-3404
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-3404
>             Project: Geronimo
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>          Components: security
>    Affects Versions: 2.0, 2.1
>         Environment: Released geronimo-tomcat6-jee5-2.0-bin.zip on WinXP and 
> on Linux
>            Reporter: Donald Woods
>            Assignee: David Jencks
>            Priority: Critical
>             Fix For: 2.0.1, 2.1
>
>         Attachments: GERONIMO-3404.patch
>
>
> I was just testing the geronimo-tomcat6-jee5-2.0-bin.zip on a new WinXP 
> machine and discovered that anyone can administer a Geronimo server (local or 
> remotely) if they enter a null Username when prompted by the deploy or 
> geronimo scripts.  I verified that the <user_home>\.geronimo-deployer file 
> did not exist on the WinXP machine and on a Linux box I used to verify the 
> remote scenario.... 

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Updated: (GERONIMO-3404) Using a Null Username allows access to a running 2.0 server

Reply via email to