To comment on the following update, log in, then open the issue:
http://www.openoffice.org/issues/show_bug.cgi?id=106732

Issue #|106732
Summary|Security: Passwordcontainer URL matching broken
Component|framework
Version|OOO320m4
Platform|All
URL|
OS/Version|All
Status|NEW
Status whiteboard|
Keywords|
Resolution|
Issue type|DEFECT
Priority|P3
Subcomponent|code
Assigned to|kso
Reported by|kso

------- Additional comments from [email protected] Mon Nov 9 13:03:39 +0000 2009 -------

0) You need access to two http resources with different connection endpoints, e.g. host1 and host2
1) Activate usage of OOo file dialogs (-> Tools/Options/OOo/General)
2) File->Open => Enter 'http://host1/path1'
   ==> Password dialog appears => enter credentials => enter => file gets loaded/webdav directory listing appears in file picker => close file/file dialog
3) File->Open => Enter 'http://host2/path2'
   ==> Bug: Password dialog appears, prefilled with credentials for host1! Password and username fields should be empty.

===> This is a security issue, because OOo automatically sends credentials for host1 to host2(!) before(!) displaying the login dialog with the "wrong" credentials! User has no chance to prevent this.

This worked okay in OOo 3.1.
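
Added example, not part of the original report and not OpenOffice.org code: a minimal credential store whose lookup is bound to the URL's origin (scheme, host, port), so the request to host2 in step 3 finds no stored credentials. The CredentialStore class, its method names, the path-prefix rule and the sample values are assumptions made for illustration.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def origin_and_path(url):
    """Return ((scheme, host, port), path); host is lowercased, default port filled in."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS or not parts.hostname:
        raise ValueError("unsupported or malformed URL: %r" % url)
    port = parts.port or DEFAULT_PORTS[scheme]
    return (scheme, parts.hostname, port), parts.path or "/"


class CredentialStore:
    """Hypothetical in-memory store keyed by the origin the credentials were entered for."""

    def __init__(self):
        self._by_origin = {}  # origin -> list of (path_prefix, user, password)

    def remember(self, url, user, password):
        origin, path = origin_and_path(url)
        entry = (path.rstrip("/") + "/", user, password)
        self._by_origin.setdefault(origin, []).append(entry)

    def lookup(self, url):
        """Return (user, password) only for the same origin and a path at or below the stored one."""
        origin, path = origin_and_path(url)
        path = path.rstrip("/") + "/"
        best = None
        for prefix, user, password in self._by_origin.get(origin, []):
            # The trailing "/" on both sides lets "/path1/" match "/path1/doc.odt/"
            # but not "/path10/"; the longest matching prefix wins.
            if path.startswith(prefix) and (best is None or len(prefix) > len(best[0])):
                best = (prefix, user, password)
        return None if best is None else best[1:]


if __name__ == "__main__":
    store = CredentialStore()
    store.remember("http://host1/path1", "alice", "s3cret")  # constructed sample values
    print(store.lookup("http://host1/path1/doc.odt"))  # same origin, below stored path
    print(store.lookup("http://host2/path2"))          # different host: nothing to prefill or send
```

A caller would send or prefill credentials only when lookup() returns a value, and otherwise show an empty login dialog.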
