It’s late, but I will try to describe the security vulnerabilities I found recently:

1) XSS in BugTracker
When you visit the bug tracker, an attacker can log in to your account. This works only if you, as an admin, log into the bug tracker while a malicious report/code submitted by a user is waiting there.

The fix is here:

Fix XSS in bugtracker.php · slawkens/myaac@83a91ec

2) XSS in the forum, the same as 1), but this time on the forum. It is enough to visit a malicious forum thread with your admin account.

There are 2 fixes:
here: Fix forum XSS · slawkens/myaac@d1bc63d (https://github.com/slawkens/myaac/commit/d1bc63d07ad88a143358cacd2c417891eea74dcc)
and here: Fix XSS in forum · slawkens/myaac@55dbade (https://github.com/slawkens/myaac/commit/55dbade8d5280c5baed45e5f7ebc3613b8e9b9e8)

3) There is also a third bug, but a bit smaller: one user can steal another user's session if they log in on the same computer.

And the fix: Prevent session fixation · slawkens/myaac@483155c (https://github.com/slawkens/myaac/commit/483155cf4c1e3068aaee0d44541dfa61f6223379)
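As an added illustration (my own example here, not code from the linked commits), these are the two defensive patterns in PHP that the bug classes above call for: escaping user-supplied report and forum text before it is rendered, and regenerating the session id at login so a session id that was already present on the shared computer cannot be carried into the logged-in session. Function and variable names are assumed.

```php
<?php
// Added example (not MyAAC code): defensive patterns for the two bug classes above.

// 1) Stored XSS: never echo user-supplied text raw. Escape it for an HTML text
//    context at output time, so the browser shows the markup as literal text
//    instead of interpreting it.
function escape_html(string $user_text): string
{
    return htmlspecialchars($user_text, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// 2) Session fixation: once the credentials check has succeeded, discard the id
//    the browser arrived with and issue a fresh one. Any session id prepared
//    earlier on the same machine is then never promoted to a logged-in session.
function login_user(int $account_id): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    session_regenerate_id(true); // true = also delete the old session storage
    $_SESSION['account_id'] = $account_id;
}

// Constructed sample: a report body as a user could post it (harmless test payload).
$report = '<script>alert(1)</script> Login form is broken';

login_user(42); // assumed: 42 is the id returned by an earlier credentials check

// Safe to embed in the page body: the tags arrive as entities, not as markup.
echo escape_html($report), PHP_EOL;
```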

I advise all users to apply those 3 fixes immediately! Otherwise an attacker can gain access to your account and do whatever they want!

I am also going to release a fixed version of MyAAC ASAP.

I want to keep you on the safe side: if anything more is found, I will post fixes ASAP.
