there is a serious bug in KeyHelp 20.2 authentication [SOLVED]
There is a serious bug in KeyHelp 20.2 authentication.
Log in in your browser, copy the current session ID URL and paste it in another browser; it opens the admin panel.
No need to login again.
https://x.x.x.x/index.php?page=admin_da ... kkr3r54353
Re: there is a serious bug in KeyHelp 20.2 authentication
I got a message, your session is invalid.
Custom development of web-based database systems
https://www.john-softwareentwicklung.de
Re: there is a serious bug in KeyHelp 20.2 authentication
The session id is connected with your IP.
As long as you don't share the URL within your LAN there's no security issue.
We also have a German thread about this topic.
viewtopic.php?f=6&t=355
Regards,
Tobi
-----------------------------
wewoco.de
The forum for resellers, digital agencies, screen workers and mouse pushers
Re: there is a serious bug in KeyHelp 20.2 authentication
As Tobi has already mentioned, in the current KeyHelp version the session is bound to your IP.
Furthermore I have now implemented several additional security measures to protect against other attack vectors.
All part of the upcoming KeyHelp 20.3.
Best regards
Alexander Mahr
**************************************************************
Keyweb AG - The Hosting Brand
Neuwerkstr. 45/46, 99084 Erfurt / Germany
http://www.keyweb.de - http://www.keyhelp.de
**************************************************************
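The IP binding described in the replies above, sketched as an added example that is not part of the thread and not KeyHelp's code: a session ID copied in a URL is rejected from a different address but still accepted from a second browser behind the same address. The `require_cookie_secret` option is a hypothetical hardening chosen for illustration, not a statement of what KeyHelp 20.3 contains; all names and IP addresses are constructed.

```python
import hmac
import secrets


class SessionStore:
    """Toy server-side session table (constructed for illustration)."""

    def __init__(self, require_cookie_secret=False):
        self.require_cookie_secret = require_cookie_secret
        self._sessions = {}  # session id -> (bound client IP, cookie secret)

    def login(self, client_ip):
        """Create a session; return (sid carried in the URL, secret set as a cookie)."""
        sid = secrets.token_urlsafe(16)
        cookie_secret = secrets.token_urlsafe(16)
        self._sessions[sid] = (client_ip, cookie_secret)
        return sid, cookie_secret

    def validate(self, sid, client_ip, cookie_secret=None):
        """Return True only if this request may use the session."""
        record = self._sessions.get(sid)
        if record is None:
            return False
        bound_ip, expected = record
        if client_ip != bound_ip:
            # Pasted URL arriving from another address: session is invalid.
            return False
        if self.require_cookie_secret:
            # A copied URL carries the sid but not the original browser's cookie.
            return cookie_secret is not None and hmac.compare_digest(
                cookie_secret, expected)
        return True


def replay_outcomes(store):
    """Replay one copied session URL from three constructed clients."""
    office_ip, other_ip = "203.0.113.10", "198.51.100.7"  # documentation ranges
    sid, cookie = store.login(office_ip)
    return {
        "original_browser": store.validate(sid, office_ip, cookie),
        "pasted_from_other_ip": store.validate(sid, other_ip),
        "pasted_behind_same_ip": store.validate(sid, office_ip),
    }


if __name__ == "__main__":
    print("IP binding only:   ", replay_outcomes(SessionStore()))
    print("IP + cookie secret:", replay_outcomes(SessionStore(True)))
```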
Re: there is a serious bug in KeyHelp 20.2 authentication
When is release 20.3?
Thanks
Re: there is a serious bug in KeyHelp 20.2 authentication [SOLVED]
It should be ready in September - but no guarantee for that.
Best regards
Alexander Mahr
**************************************************************
Keyweb AG - The Hosting Brand
Neuwerkstr. 45/46, 99084 Erfurt / Germany
http://www.keyweb.de - http://www.keyhelp.de
**************************************************************