Ticket #1887 (closed defect: fixed)

Opened 1 year ago

Last modified 1 year ago

Security hole in CPSUserFolder

Reported by: madarche
Assigned to: madarche
Priority: P1
Milestone: CPS 3.4.6
Component: CPSUserFolder
Version: TRUNK
Severity: critical
Keywords:
Cc:

Description

There is a serious security hole in CPSUserFolder making it possible to bypass authentication.

The bug is present in CPSUserFolder >= 0.8.0, which has been present since CPS >= 3.3.5. The bug was introduced by changeset [25206].

But only CPS instances having an "acl_users" of type "CPS User Folder" are vulnerable. CPS portals with "acl_users" of the old type "User Folder With Groups" are not vulnerable.

Change History

01/22/08 00:02:51 changed by madarche

  • status changed from new to closed.
  • resolution set to fixed.

The problem has been fixed with changeset [52505].

A "hotfix" product is available for CPS portals not using the latest CPSUserFolder version: source:CPS3/hotfix/CPSHotFix-CPSUserFolder/trunk

To protect your CPS portal with the hotfix product:

1. Download the hotfix product into the Products directory of your Zope instance:

$ svn export https://svn.nuxeo.org/pub/CPS3/hotfix/CPSHotFix-CPSUserFolder/trunk CPSHotFix-CPSUserFolder

2. Restart your Zope instance.

The simple fact of restarting the Zope instance will load the hotfix.