author | Kai Blin <kai@samba.org> | 2013-01-28 21:41:07 +0100 |
---|---|---|
committer | Karolin Seeger <kseeger@samba.org> | 2013-01-29 09:49:31 +0100 |
commit | 91f4275873ebeda8f57684f09df67162ae80515a (patch) | |
tree | 306cbae9414b4e2b157a6f688286eab123d5c970 /swat/images/viewconfig.gif | |
parent | 71225948a249f079120282740fcc39fd6faa880e (diff) | |
download | samba-3.6.12.tar.gz |
swat: Use additional nonce on XSRF protection (samba-3.6.12)
If the user had a weak password on the root account of a machine running
SWAT, there still was a chance of being targeted by an XSRF on a
malicious web site targeting the SWAT setup.
Use a random nonce stored in secrets.tdb to close this possible attack
window. Thanks to Jann Horn for reporting this issue.
Signed-off-by: Kai Blin <kai@samba.org>
Fix bug #9577: CVE-2013-0214: Potential XSRF in SWAT.
Diffstat (limited to 'swat/images/viewconfig.gif')
0 files changed, 0 insertions, 0 deletions