[Koha-bugs] [Bug 11612] New: 404 error page for Intranet may leak information

bugzilla-daemon at bugs.koha-community.org
Mon Jan 27 00:01:06 CET 2014


http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11612

            Bug ID: 11612
           Summary: 404 error page for Intranet may leak information
 Change sponsored?: ---
           Product: Koha
           Version: 3.14
          Hardware: All
                OS: All
            Status: NEW
          Severity: enhancement
          Priority: P5 - low
         Component: Staff Client
          Assignee: koha-bugs at lists.koha-community.org
          Reporter: isaacbrodsky at live.com
        QA Contact: testopia at bugs.koha-community.org
                CC: gmcharlt at gmail.com

Navigating to a non-existent page on the intranet site (e.g.
https://demo-admin.calyx.net.au/test) allows an unauthenticated user to see the
top nav bar. If an administrator uses the IntranetNav configuration option to add
links to the NavBar, those links will be displayed to unauthenticated users.

I do not believe any part of the staff client should be visible to
unauthenticated users. Administrators might assume no part of it is visible
since the login screen completely hides the regular staff interface.

Tested on Debian with Koha 3.14.

Isaac
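
An audit check for the behaviour reported above, added here as an example (it is not part of the original report and is not Koha code): given the HTML stored in IntranetNav and the body of a 404 page fetched without a session cookie, it lists the configured links that the error page serves. The host name, paths and HTML samples are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin


class _LinkCollector(HTMLParser):
    """Collects the href of every <a> element in a document."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            href = dict(attrs).get("href")
            if href:
                self.hrefs.append(href)


def extract_hrefs(html):
    collector = _LinkCollector()
    collector.feed(html)
    return collector.hrefs


def leaked_nav_links(intranetnav_html, error_page_html, base_url):
    """Return IntranetNav link targets that also appear in the error page.

    error_page_html is the body of a 404 response requested with no
    session cookie. Relative links are resolved against base_url so the
    same target matches however it is written.
    """
    configured = {urljoin(base_url, h) for h in extract_hrefs(intranetnav_html)}
    served = {urljoin(base_url, h) for h in extract_hrefs(error_page_html)}
    return sorted(configured & served)


# Constructed sample data (hypothetical host, paths and markup).
BASE = "https://staff.example.org/"
INTRANETNAV = ('<li><a href="https://wiki.example.org/staff-procedures">Procedures</a></li>'
               '<li><a href="/reports/internal.html">Internal reports</a></li>')
PAGE_404_LEAKY = ('<html><body><ul><li><a href="/index.html">Home</a></li>'
                  + INTRANETNAV + '</ul><h1>Error 404</h1></body></html>')
PAGE_404_CLEAN = ('<html><body><h1>Error 404</h1>'
                  '<a href="/index.html">Log in</a></body></html>')

if __name__ == "__main__":
    for name, body in (("leaky", PAGE_404_LEAKY), ("clean", PAGE_404_CLEAN)):
        print(name, leaked_nav_links(INTRANETNAV, body, BASE))
```

An empty list for the unauthenticated 404 body means none of the configured IntranetNav targets are exposed on that page.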
