[Koha-bugs] [Bug 11612] New: 404 error page for Intranet may leak information
bugzilla-daemon at bugs.koha-community.org
Mon Jan 27 00:01:06 CET 2014
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11612
Bug ID: 11612
Summary: 404 error page for Intranet may leak information
Change sponsored?: ---
Product: Koha
Version: 3.14
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5 - low
Component: Staff Client
Assignee: koha-bugs at lists.koha-community.org
Reporter: isaacbrodsky at live.com
QA Contact: testopia at bugs.koha-community.org
CC: gmcharlt at gmail.com
Navigating to a non-existent page on the intranet site (e.g.
https://demo-admin.calyx.net.au/test) allows an unauthenticated user to see the
top nav bar. If an administrator uses the IntranetNav configuration option to add
links to the NavBar, those links will be displayed to unauthenticated users.
I do not believe any part of the staff client should be visible to
unauthenticated users. Administrators might assume no part of it is visible
since the login screen completely hides the regular staff interface.
Tested on Debian with Koha 3.14.
Isaac
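
An added example, not part of the original report or of Koha's own code: a check an administrator could run over the HTML their staff site returns for a request made without a session, listing which IntranetNav links appear in it. The sample pages, markup and URLs are constructed, and the function names are hypothetical.

```python
from html.parser import HTMLParser

class _LinkCollector(HTMLParser):
    """Collect (href, link text) pairs from an HTML fragment or page."""
    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")  # None if the anchor has no href
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href.strip(), "".join(self._text).strip()))
            self._href = None

def extract_links(html):
    parser = _LinkCollector()
    parser.feed(html)
    parser.close()
    return parser.links

def leaked_nav_links(intranet_nav_html, unauth_page_html):
    """Return the IntranetNav links that also appear in a page served without a session."""
    served = {href for href, _ in extract_links(unauth_page_html)}
    return [(h, t) for h, t in extract_links(intranet_nav_html) if h in served]

# Constructed sample data (assumed markup, not copied from a real Koha install).
INTRANET_NAV = ('<li><a href="https://wiki.example.org/staff">Staff wiki</a></li>'
                '<li><a href="https://hr.example.org/roster">Roster</a></li>')
ERROR_404_PAGE = """<html><body><div id="header"><ul>
<li><a href="/">Home</a></li>
<li><a href="https://wiki.example.org/staff">Staff wiki</a></li>
<li><a href="https://hr.example.org/roster">Roster</a></li></ul></div>
<h1>Error 404</h1></body></html>"""
LOGIN_PAGE = """<html><body><form action="/login-placeholder" method="post">
<input name="userid"><input name="password" type="password"></form></body></html>"""

if __name__ == "__main__":
    for name, page in (("404 page", ERROR_404_PAGE), ("login page", LOGIN_PAGE)):
        print(name, "->", leaked_nav_links(INTRANET_NAV, page))
```

An empty result for every unauthenticated response is the expected state; any entry means administrator-configured navigation is being rendered before login.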