[cvsnt] SECURITY BUG IN PSERVER
River
river at ptt.yu
Mon Aug 11 07:51:44 BST 2003
I posted this some time ago for version 2.0.4. Now I installed 2.1.1 and
still the same bug
If I set up repository with pserver authentication, by using admin file,
passwd file and create 2 users, one that is administrator (river), and one
that is user (ruser) .
Next I can log on to server with administrator login (river) and I add one
new user foo using cvs passwd -a foo
Next I log of , and then log again using normal user password (ruser).
If I try to add new user I got error that only admins can add users, but IF
I TRY TO DELETE USER USING
cvs passwd -X foo
I WILL BE ABLE TO DO IT.
Can somebody please help about this. Maby I'm wrong with my configuration,
but if so, please help me.
More information about the cvsnt
mailing list