Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Debug Mode Information disclosure to unauthenticated users. #89

Closed
NathanGibbs3 opened this issue Oct 30, 2020 · 0 comments
Closed

Debug Mode Information disclosure to unauthenticated users. #89

NathanGibbs3 opened this issue Oct 30, 2020 · 0 comments
Assignees
@NathanGibbs3
Labels
invalid This doesn't seem right LCB-TechDebt Issue exists in Legacy Code Base. We inherited it. Prod Observed in Production Environment. Security Issue impacts or is related to App Security. UI User Interface Issues.
Projects
Auth System Implementation.
Milestone
1.4.6

Comments

@NathanGibbs3
Copy link
Owner

NathanGibbs3 commented Oct 30, 2020
edited
Loading

Item Description
File: includes/base_log_error.inc.php
Class:
Function: PrintPageHeader()
Similar Issues: #146
Depends on Issue(s):
Dependency Type:
Misc. Info.: Conf var $debug_mode must be set to > 0 for this to show up. Display of this info is fine if user is authenticated or Auth system is off.

Expected Behavior:
Uses AuthorizedPage() to do checks before information display.
Current Behavior:
Doesn't do page checks before printing information.
@NathanGibbs3 NathanGibbs3 added invalid This doesn't seem right Prod Observed in Production Environment. LCB-TechDebt Issue exists in Legacy Code Base. We inherited it. Security Issue impacts or is related to App Security. UI User Interface Issues. labels Oct 30, 2020
@NathanGibbs3 NathanGibbs3 added this to the 1.4.6 milestone Oct 30, 2020
@NathanGibbs3 NathanGibbs3 self-assigned this Oct 30, 2020
@NathanGibbs3 NathanGibbs3 mentioned this issue Feb 8, 2023
Closed
@NathanGibbs3 NathanGibbs3 added this to Needs triage in Auth System Implementation. via automation Apr 8, 2023
@NathanGibbs3 NathanGibbs3 moved this from Needs triage to Closed in Auth System Implementation. Apr 8, 2023
@NathanGibbs3 NathanGibbs3 mentioned this issue May 4, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@NathanGibbs3 NathanGibbs3

Labels
invalid This doesn't seem right LCB-TechDebt Issue exists in Legacy Code Base. We inherited it. Prod Observed in Production Environment. Security Issue impacts or is related to App Security. UI User Interface Issues.
Projects
Auth System Implementation.
Closed
Milestone
1.4.6
Development

No branches or pull requests
1 participant
@NathanGibbs3