Red Hat Bugzilla – Bug 138218
security issue: able to create several org admins by submitting the form multiple times
Last modified: 2007-08-06 11:57:44 EDT
Description of problem:
During the satellite install, you can submit this form multiple times,
and create as many org admins as you like.
Version-Release number of selected component (if applicable):
Only one org admin allowed!
Fixed in CVS.
1) Perform satellite 3.6 install.
2) After creating the first user, return to the 'create_satellite.pxt'
page, enter a different username, and click 'commit' again.
3) You should get a 500 error in the browser, and a messae in the
Attempt to create satellite user when a user already exists
Is that a success? I followed the test plan and I achieve precisely
that. Ugly though.
We don't generally go out of our way to make things pretty for people
who are doing 'funny' things. Using the back button to try to create
a second first user counts as 'funny' in my book.
Mass move from PROD_READY to CLOSED:CURRENTRELEASE