|
|
| Author |
Message |
nocmanager
Joined: 21 Jan 2003
Posts: 4
|
 Posted: Wed Jan 22, 2003 10:29 am Post subject: graph.php security fixed |
 |
|
| I noticed that when you access CACTI with http://x.x.x.x/cacti/graph.php?rraid=all&graphid=some_id where som_id is a valid ID from rrd_graph table, then you can see the graph itself without any authorisation. I removed guest user but it didn't help. So, you can walk all numbers from 1 to infinity and actualy see all graphs in the system. |
|
| Back to top |
|
 |
aratux(guest)
Guest
|
| Posted: Sun Jan 26, 2003 5:55 am Post subject: |
|
|
Believe me, that doesn't happen with me.
Mostly you use an old version.
When I try what you have said, I get access denied message.
Regards
Mohamed Eldesoky |
|
| Back to top |
|
|
nocmanager
Joined: 21 Jan 2003
Posts: 4
|
| Posted: Wed Feb 05, 2003 6:57 am Post subject: |
|
|
| Yes, I found out when it happened. When I removed guest user completely I could access graphs in this way, so it is not adviced to remove guest user, only to take all privileges from him, then it works fine. |
|
| Back to top |
|
|
|
FAQ
Search
Memberlist
Register
Profile
Log in to check your private messages
Log in
