Bug 7206 – query.cgi does BAD thinks when Bugzilla_logincookie is invalid!!!

Bug 7206 - query.cgi does BAD thinks when Bugzilla_logincookie is invalid!!!

Summary:	query.cgi does BAD thinks when Bugzilla_logincookie is invalid!!!

Status:	CLOSED CURRENTRELEASE

Aliases:	None

Product:	Bugzilla
Classification:	Community
Component:	Bugzilla General (Show other bugs)
Sub Component:
Version:	2.1r
Hardware:	All Linux

Priority	medium Severity medium (vote)
Target Milestone:	---
Target Release:	---
Assigned To:	David Lawrence
QA Contact:
Docs Contact:

URL:
Whiteboard:
Keywords:	Security

Depends On:
Blocks:
	Show dependency tree / graph

Reported:	1999-11-21 14:02 EST by Aleksey Nogin
Modified:	2008-05-01 11:37 EDT (History)
CC List:	0 users

See Also:
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	1999-11-22 12:00:28 EST
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Groups: None (edit)

Description Aleksey Nogin 1999-11-21 14:02:07 EST

Do a little experiment:

1) Set Bugzilla_login to ayn2@cornell.edu
2) Set Bugzilla_logincookie to something invalid (like 0). Now go to
query.cgi

BAD things happen:

1) All my saved queries are available (security issue!).
2) It does not suggest to log in at the top of the page (which it does when
Bugzilla_login is not set).
3) It does not give option to log out and log in as somebody else at the
bottom of the page (which it does when it thinks I am logged in).

Comment 1 David Lawrence 1999-11-22 12:00:59 EST

Ok, i think i have this one fixed from what i can tell at my end. Please try to
recreate this on your end and let me know if it still occurs. Thanks.

Note You need to log in before you can comment on or make changes to this bug.