FS#32 : require base authenication.

Welcome to the OSSIM bug tracker, please use this interface to report any bugs or add feature requests.

FS#32 - require base authenication.

Attached to Project: OSSIM
Opened by Nic Guzaldo (guzaldon) - Monday, 06 October 2008, 12:31 GMT

Task Type	Bug Report
Category	AlienVault Installer
Status	Unconfirmed
Assigned To	No-one
Operating System	AV Debian
Severity	High
Priority	Normal
Reported Version	AV Installer 1.0.4
Due in Version	Undecided
Due Date	Undecided
Percent Complete
Votes	0
Private	No

Details

Originally reported in thread:
https://www.ossim.net/forum/index.php?t=msg&goto=1234&S=1089d392e6091fff088aa013ab12f109

You can access base/acid vi %BASEURL%/base without having to authenticate. This allows for information disclosure and brakes the possible trust that data is untempered with.

This is on a ossim 1.0.6 release.

Let me know if you need additional information.

Thanks for the great tool,

Nic

This task depends upon

Comments (0)
Related Tasks (0/0)

	Tasks related to this task (0)

Duplicate tasks of this task (0)

FS#32 - require base authenication.

Details

Loading...