View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0023185 | mantisbt | security | public | 2017-08-04 19:24 | 2017-09-03 18:41 |
Reporter | dregad | Assigned To | dregad | ||
Priority | normal | Severity | minor | Reproducibility | have not tried |
Status | closed | Resolution | fixed | ||
Target Version | 2.5.2 | Fixed in Version | 2.5.2 | ||
Summary | 0023185: Improve doc and notifications when admin dir is present (CVE-2017-12419) | ||||
Description | This is just to track the stopgap measures taken to mitigate the risk of an attack as described in 0023173 | ||||
Tags | No tags attached. | ||||
MantisBT: master-2.5 d6d7dc2d 2017-08-03 12:54
Restore "admin dir" warning on login page

Commit 9da643a6f6c1b7604598968baa3cd2f6fd4540ff modified the admin checks on login page to remove the logic checking for pre 1.0 upgrade steps. However, it also (probably unintentionally) removed the check for admin directory presence, so administrators are no longer reminded that they should delete this directory, potentially leaving them exposed to security breaches.

This commit restores the warning, and improves the error message.

Fixes 0023179
Stopgap measure for issue 0023173
Affected Issues 0023173, 0023179, 0023185 |
mod - lang/strings_english.txt
mod - login_page.php
MantisBT: master-2.5 3a7c6f75 2017-08-03 15:39
Improve admin information about CVE-2017-12419

- Add admin check for mysqli.allow_local_infile
- Add reminder to remove admin dir at end of Admin checks
- Improve post-install tasks section of Admin Guide: add explicit warning about potential consequences of not deleting the admin directory, more descriptive wording.

Stopgap measures for issue 0023173
Affected Issues 0023173, 0023185 |
mod - admin/check/check_database_inc.php
mod - admin/check/index.php
mod - docbook/Admin_Guide/en-US/Installation.xml