Bug #16107

closed

Security breach --> possibility to hack system

Added by Andreas Balzer over 18 years ago. Updated about 16 years ago.

Status: Closed
Priority: Should have
Assignee:
Category: Backend User Interface
Target version: -
Start date: 2006-04-30
Due date:
% Done: 0%
Estimated time:
TYPO3 Version: 4.0
PHP Version: 4
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

If user A is logged in as an admin user, and user B logs in under another username that is an admin and removes the admin rights of user A, user A can still act as an admin as long as he does not log out.

This should be changed immediately, so that every time a BE user loads a module or does anything critical (e.g. uploads files), it is checked whether the user has the rights to do so.

This should be done immediately, as it's a possible way of hacking TYPO3 sites.
(issue imported from #M3385)
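
The stale-privilege behaviour reported above, modelled as an added example that is not part of the original report and not TYPO3 code: it contrasts an admin flag snapshotted into the session at login with a check that re-reads the user record on every request. The session-snapshot cause is an assumption, and all names (`USERS`, `Session`, `is_admin_cached`, `is_admin_live`, `revoke_admin`) are hypothetical.

```python
from dataclasses import dataclass

# Constructed in-memory user store standing in for the backend user table.
USERS = {"userA": {"admin": True}, "userB": {"admin": True}}


@dataclass
class Session:
    username: str
    admin_at_login: bool  # snapshot copied into the session at login (assumption)


def login(username: str) -> Session:
    return Session(username, USERS[username]["admin"])


def is_admin_cached(session: Session) -> bool:
    """Weak: trusts the snapshot, so a revocation is invisible until logout."""
    return session.admin_at_login


def is_admin_live(session: Session) -> bool:
    """Hardened: re-reads the record per request; deleted users get nothing."""
    record = USERS.get(session.username)
    return bool(record and record["admin"])


def revoke_admin(actor: Session, target: str) -> None:
    """Critical action, guarded by the live check rather than the snapshot."""
    if not is_admin_live(actor):
        raise PermissionError(f"{actor.username} is not an admin")
    USERS[target]["admin"] = False


def demo() -> dict:
    USERS.update(userA={"admin": True}, userB={"admin": True})  # reset store
    a, b = login("userA"), login("userB")
    revoke_admin(b, "userA")  # user B removes user A's admin rights
    result = {"cached": is_admin_cached(a), "live": is_admin_live(a)}
    try:
        revoke_admin(a, "userB")  # A's still-open session tries a critical action
        result["a_could_act"] = True
    except PermissionError:
        result["a_could_act"] = False
    return result


if __name__ == "__main__":
    print(demo())
```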
