thr3ads.net - Secure testing team - [Secure-testing-team] Bug#614575: request-tracker3.8: Back button attacks [Feb 2011]

If this information is useful, please help other people find it:
Share via:

Twitter
Facebook
Email

Dominic Hargreaves

2011-Feb-22 11:44 UTC

[Secure-testing-team] Bug#614575: request-tracker3.8: Back button attacks

Package: request-tracker3.8
Version: 3.8.8-7
Severity: important
Tags: security

The following appears in the changelog of 3.8.9:

 * Redirect users to their desired pages after login.
    This prevents possible back button attacks after a user logs out.

This may warrant an update in s-p-u.

Secure testing team - Feb 2011 - Bug#614575: request-tracker3.8: Back button attacks

[Secure-testing-team] Bug#614575: request-tracker3.8: Back button attacks