US: 1-941-4621-069
  
Cyprus: 3-572-2052-781

Go Back   ISPsystem.com Forums > ISPmanager > Troubleshooting


Reply
 
Thread Tools
Old 09-02-2012, 02:07 PM   #1
Junior Member
 
Join Date: Oct 2011
Posts: 25
paketschubser is on a distinguished road
Default security bug in database user handling

Hello,

one of our customers tried the following setup:

He created two customer users (user1, user2) each with his own MySQL database (db1, db2). Each database has it's own user with the same name as the database. To simplify the access for the server administrator he created another user called admin and gave him access to both databases. So far everything works fine, the problem is that both users (user1 and user2) are now allowed to change the password of the admin user so that they are able to gain access to other databases by taking over the admin account.
paketschubser is offline   Reply With Quote
Old 09-04-2012, 08:44 AM   #2
ISPsystem team
 
slava's Avatar
 
Join Date: May 2008
Location: ISPsystem
Posts: 588
slava is on a distinguished road
Default

Hello,
our developer team will check this issue.
slava is offline   Reply With Quote
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT +2. The time now is 07:04 AM.