[rt-users] 3.8.x serious security issue with mixing sessions
Matthew Keller
kellermg at potsdam.edu
Fri Oct 23 13:59:58 EDT 2009
Arkadiusz Miskiewicz wrote:
> I have a very serious security problem with a 3.8 installation (3.8.6
> currently).
>
> Logged-in user sessions are being mixed up. One logged-in user is becoming another
> logged-in user as seen by RT. It happens at different moments.
Are you using HTTP authentication or RT's built-in login page? If the
former, it's likely a leaky Apache process, Squid or auth_cache problem
(not RT); if the latter, then most likely a caching issue or possibly an RT
bug.
--
Matthew Keller
Information Security Officer
Computing & Technology Services
State University of New York @ Potsdam
Potsdam, NY, USA