http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=12126
Bug ID: 12126
Summary: SIP authentication bypassed
Change sponsored?: ---
Product: Koha
Version: unspecified
Hardware: All
OS: All
Status: NEW
Severity: major
Priority: P5 - low
Component: SIP2
Assignee: [email protected]
Reporter: [email protected]
QA Contact: [email protected]
CC: [email protected]
SIP Authentication will allow transactions even if credentials are incorrect,
as long as someone has authenticated correctly on the server, even if it is
from another machine!
Steps to reproduce:
1 - Authenticate from machine A with good credentials. Make a transaction.
2 - Use bad credentials on machine B. Make a transaction. For example, check
something out. The transaction will appear in Koha as though it were checked
out from the library credentials machine A was using.
3 - Change the credentials on machine A to a SIP user for another library.
Make a transaction.
4 - Using the same or other bad credentials on machine B, check something out.
Koha will show item checked out from the library credentials machine A used
last.
When good credentials are used, SIP transactions work as expected. However,
when bad credentials are used, whether it is username, password, or even port,
Koha fails over to the last good credentials used. As long as you are pointing
to the server, you can complete a transaction.
Christopher
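
The behaviour the report expects, as an added example (not part of the original report and not Koha's code): a constructed in-memory model of a SIP2 listener that keeps login state per connection and clears it on every login attempt, replayed against the four steps above. `LastGoodSession` is a hypothetical stand-in that reproduces the reported symptom, not a diagnosis of Koha's implementation; the account names, passwords, library codes and the abbreviated checkout reply are assumptions.

```python
import hmac

# Constructed model, not Koha's code. Accounts: user -> (password, library).
ACCOUNTS = {"sip_a": ("pw-a", "LIB_A"), "sip_b": ("pw-b", "LIB_B")}
HEADER_LEN = {"93": 4, "11": 40}  # fixed-width chars before the first field
CHECKOUT = "11YN" + "20240101    120000" * 2 + "AOLIB|AApatron1|ABitem1|"

def login(user, password):
    return f"9300CN{user}|CO{password}|"

def fields(msg):
    """Split the variable part of a SIP2 message into {field id: value}."""
    body = msg[HEADER_LEN.get(msg[:2], 2):]
    return {f[:2]: f[2:] for f in body.split("|") if f}

class Session:
    """Authentication state that belongs to exactly one client connection."""
    def __init__(self):
        self.branch = None  # None = this connection has not logged in

    def handle(self, msg):
        f = fields(msg)
        if msg.startswith("93"):  # Login request
            self.branch = None  # a new attempt discards any earlier identity
            password, branch = ACCOUNTS.get(f.get("CN"), ("", None))
            if branch and hmac.compare_digest(password, f.get("CO", "")):
                self.branch = branch
            return "941" if self.branch else "940"  # Login response: ok / failed
        if msg.startswith("11"):  # Checkout request
            # Abbreviated reply: "12" + ok flag, plus AO (library) on success.
            return f"121AO{self.branch}|" if self.branch else "120"

class LastGoodSession(Session):
    """Stand-in for the reported symptom: identity outlives the connection."""
    last_good = None  # shared by every connection
    def handle(self, msg):
        reply = super().handle(msg)
        LastGoodSession.last_good = self.branch or LastGoodSession.last_good
        self.branch = LastGoodSession.last_good  # fall back to last good login
        return reply

def replay(session_cls):
    """Replay the report's four steps; return machine B's two checkout replies."""
    a, b, replies = session_cls(), session_cls(), []
    for conn, user, password in [(a, "sip_a", "pw-a"), (b, "sip_a", "wrong"),
                                 (a, "sip_b", "pw-b"), (b, "nobody", "wrong")]:
        conn.handle(login(user, password))
        reply = conn.handle(CHECKOUT)
        if conn is b:
            replies.append(reply)
    return replies
```

`replay(Session)` returns two refusals for machine B, while `replay(LastGoodSession)` shows B's checkouts attributed first to `LIB_A` and then to `LIB_B`, matching steps 2 and 4 of the report.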