Actions
Bug #6995
closedSecurity Issue - SquidAnalyzer
Status:
Rejected
Priority:
Normal
Assignee:
-
Category:
Dashboard
Target version:
-
Start date:
12/08/2016
Due date:
% Done:
0%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.3.x
Affected Architecture:
All
Description
I found this flaw when I was testing SquidAnalyzer.
I noticed that it is possible to access the URL of the package directly, without going through the authentication.
Ex.: Hot IP - 200.200.200.200
WebConfigurator - https://200.200.200.2009
Squidanalyzer URL - https://200.200.200.200:9443/squidreport
Actions