  1. Magnolia
  2. MAGNOLIA-7331

Concurrent Logins Supported - Magnolia admin

Details

    • Bug
    • Resolution: Not an issue
    • Neutral
    • None
    • 5.5.3
    • None
    • None

    Description

      Risk Impact

      Very Low (1)

      Ease Of Exploitation

      Very Hard (1)

      Complexity To Fix

      Simple (2)

      Description

      It was possible to authenticate to the application more than once, from different client machines, using the same authentication credentials. One tenet of security auditing is to ensure that every action can be attributed to an individual. Concurrent logins break this security principle.

      Details

      The Magnolia application supports concurrent sessions with the same account.
      The account named RA_CONTENT_AUTHOR was logged in to the application with the Mozilla Firefox browser.
      The same account was then able to log in using the Google Chrome browser.
      Both sessions remained active and retained their full user functionality.

      Short Recommendation

      Restrict users to a single session per account.

            People

              Unassigned
              Mark Cunningham
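
An added example, not Magnolia code and not part of the ticket: a minimal in-memory registry that enforces the recommendation above of one session per account, either by ending the older session or by refusing the new login, and that records an audit trail. The class and method names are hypothetical, and it assumes the application calls `login` after verifying credentials and `authorize` on every request, with locking or a shared store added for real deployments.

```python
import secrets
import time


class SingleSessionRegistry:
    """Keeps at most one live session per account (hypothetical helper)."""

    def __init__(self, evict_previous=True, idle_timeout=1800, clock=time.time):
        self.evict_previous = evict_previous   # True: newest login wins; False: refuse it
        self.idle_timeout = idle_timeout       # seconds without a request before expiry
        self.clock = clock
        self.by_account = {}   # account -> session token
        self.sessions = {}     # token -> {"account", "client", "last_seen"}
        self.audit = []        # (timestamp, event, account, client)

    def _log(self, event, account, client):
        self.audit.append((self.clock(), event, account, client))

    def _drop(self, token, event):
        s = self.sessions.pop(token)
        if self.by_account.get(s["account"]) == token:
            del self.by_account[s["account"]]
        self._log(event, s["account"], s["client"])

    def login(self, account, client):
        """Call after credentials were verified. Returns a token or None."""
        old = self.by_account.get(account)
        if old is not None:
            if self.clock() - self.sessions[old]["last_seen"] > self.idle_timeout:
                self._drop(old, "expired")    # a stale session must not lock the user out
            elif self.evict_previous:
                self._drop(old, "evicted")    # end the older session
            else:
                self._log("login_refused", account, client)
                return None
        token = secrets.token_urlsafe(32)
        self.sessions[token] = {"account": account, "client": client,
                                "last_seen": self.clock()}
        self.by_account[account] = token
        self._log("login", account, client)
        return token

    def authorize(self, token):
        """Per-request check: returns the account, or None if the session is gone."""
        s = self.sessions.get(token)
        if s is None:
            return None
        if self.clock() - s["last_seen"] > self.idle_timeout:
            self._drop(token, "expired")
            return None
        s["last_seen"] = self.clock()
        return s["account"]
```

The idle timeout matters most with `evict_previous=False`: without it, a session abandoned in a closed browser would block the account until it is cleared manually.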