Project

General

Profile

Actions
Copy link

Bug #6995

closed

Security Issue - SquidAnalyzer

Added by Bruno Kammers over 7 years ago. Updated over 7 years ago.

Status:
Rejected
Priority:
Normal
Assignee:
-
Category:
Dashboard
Target version:
-
Start date:
12/08/2016
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.3.x
Affected Architecture:
All

Description

I found this flaw when I was testing SquidAnalyzer.

I noticed that it is possible to access the URL of the package directly, without going through the authentication.

Ex.: Hot IP - 200.200.200.200

WebConfigurator - https://200.200.200.2009

Squidanalyzer URL - https://200.200.200.200:9443/squidreport

Actions
Copy link

Also available in: Atom PDF