[Bug - Severe] Sensitive info shown on Admin panel before Login redirect

Scar · August 22, 2015, 8:30pm

Hello there,

I have found a bug in the Admin panel for MiaB.
Content is shown in the Admin panel for a slight millisecond before the redirect to the Login screen.

I.E, if I click on the Mail>Users buttons at the top, for a slight Millisecond I can see the entire list of users before the login box appears.
This also works for the SSL check, and Aliases.

It appears as though it is checking if you are logged in and authenticated AFTER the content is pulled and displayed. I haven’t gotten around to looking at the source to see if that is the case, but I will later today after work.

JoshData · August 22, 2015, 8:44pm

No, the jump to the login screen is because authentication failed and data could not be retrieved. If you’re seeing a list of users, it’s from when you loaded that information when you were authenticated.

I guess it’s still in the DOM after you click log out…

system · October 22, 2015, 8:30pm

This topic was automatically closed after 61 days. New replies are no longer allowed.