Security issue with Joomla Integration

Post about your customizations to share with others.

Moderators: Developer, Contributor

Post Reply
kuhsay

Security issue with Joomla Integration

Post by kuhsay »

I noticed a potential security problem with the Joomla integration... basically you aren't logged out of mantis if you don't visit the mantis page as an anonymous user.

For example:
Log into joomla
visit mantis through the joomla/mantis bridge component... this will log you into the mantis system
visit another page on joomla that isn't related to mantis
log out of joomla
now visit the mantis url by iteself outside of joomla (ie: http://www.yoursite.com/mantis). You will still be logged in and have access to the previous users account.
Post Reply