SERIOUS SECURITY HOLE

Hello,

We have found a very, very serious security hole in application manager.

Basically, accessing a URL as follows:

http://192.168.0.xx/HostResource.do?name=HOSTNAME&haid=null&appName=null&resourceid=1298#

(change HOSTNAME to one of your monitored servers, and the resourceid= may need to match a valid ID (but it still lets you in anyway))

The above allows ANYONE, even without having accessed the site previously, to view whatever information they like (password and cookies are bypassed/ignored).

I have not checked whether your configuration can be altered (e.g. to delete monitor groups etc.).


Please fix this problem ASAP.

Albert.















