Security issue on Windows - Mongrel - 0.8.0?
Added by Yannis Torres about 16 years ago
I've installed a Mongrel server on a Windows NT Server 2003 (I don't have the choice :/).
On this Mongrel I've installed two Redmines (stable 0.8.0).
I don't know if it's a Mongrel CGI (or session?) issue or a Redmine one, but when I log in with a user (let's say the user with uid 10) on my first Redmine, and then, without logging in or out, I open my second Redmine, I'm automatically logged in to the second Redmine as the user that has the corresponding uid.
This may allow a user to grab admin access on the second Redmine (if he matches the uid of the admin account), or could seriously mess with user profiles and rights.
Has anyone ever encountered this?