ISPsystem.com Forums

ISPsystem.com Forums (http://forum.ispsystem.com//index.php)
-   Troubleshooting (http://forum.ispsystem.com//forumdisplay.php?f=11)
-   -   security bug in database user handling (http://forum.ispsystem.com//showthread.php?t=1969)

paketschubser 09-02-2012 02:07 PM
security bug in database user handling
 
Hello,

one of our customers tried the following setup:

He created two customer users (user1, user2) each with his own MySQL database (db1, db2). Each database has it's own user with the same name as the database. To simplify the access for the server administrator he created another user called admin and gave him access to both databases. So far everything works fine, the problem is that both users (user1 and user2) are now allowed to change the password of the admin user so that they are able to gain access to other databases by taking over the admin account.

slava 09-04-2012 08:44 AM
Hello,
our developer team will check this issue.


All times are GMT +2. The time now is 01:55 AM.

Powered by vBulletin® Version 3.8.9
Copyright ©2000 - 2024, vBulletin Solutions, Inc.