[Phpmyadmin-git] [SCM] phpMyAdmin website branch, master, updated. ed7fc69cfb5cfea1ed3086a303672813108ac474

Marc Delisle lem9 at users.sourceforge.net
Mon Jul 25 18:44:38 CEST 2011

The branch, master has been updated
       via  ed7fc69cfb5cfea1ed3086a303672813108ac474 (commit)
      from  edf479236124f733e845988fcdfaf64aada325fe (commit)

- Log -----------------------------------------------------------------
commit ed7fc69cfb5cfea1ed3086a303672813108ac474
Author: Marc Delisle <marc at infomarc.info>
Date:   Mon Jul 25 12:44:14 2011 -0400

    Update for PMASA-2011-12


Summary of changes:
 templates/security/PMASA-2011-12 |    9 +++++----
 1 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/templates/security/PMASA-2011-12 b/templates/security/PMASA-2011-12
index ed27796..7405881 100644
--- a/templates/security/PMASA-2011-12
+++ b/templates/security/PMASA-2011-12
@@ -11,16 +11,16 @@ PMASA-2011-12
 <py:def function="announcement_updated">
 <py:def function="announcement_summary">
-Possible session manipulation in swekey authentication.
+Possible superglobal and local variables manipulation in swekey authentication.
 <py:def function="announcement_description">
-It was possible to manipulate the PHP session superglobal using some of the Swekey authentication code.
-This is very similar to PMASA-2011-5. 
+It was possible to manipulate the PHP superglobals (including SESSION) using some of the Swekey authentication code. Also, variables local to the affected Swekey function were at risk.
+This is similar to PMASA-2011-5. 
 <py:def function="announcement_severity">
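Review bot: In the new announcement_description text, "variables local to the affected Swekey function were at risk" does not say at risk of what. The new summary line already calls it manipulation, so use the same word here, for example "Variables local to the affected Swekey function could also be manipulated." Smaller points in the same hunk: "variables manipulation" in the summary reads better as "variable manipulation", "(including SESSION)" would be unambiguous written as $_SESSION, and the replacement line "This is similar to PMASA-2011-5. " keeps the trailing space of the line it replaces.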
@@ -28,6 +28,7 @@ We consider this vulnerability to be critical.
 <py:def function="announcement_mitigation">
+The Swekey authentication mechanism must be activated (which is not a requirement in the case of PMASA-2011-5).
 <py:def function="announcement_affected">
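Review bot: The sentence added under announcement_mitigation, "The Swekey authentication mechanism must be activated", can be read as an instruction to turn Swekey on, when it describes a precondition for the issue. Word it as a limiting factor, for example "This issue only affects installations where the Swekey authentication mechanism is activated (which is not a requirement in the case of PMASA-2011-5)", so that a reader looking at the mitigation section for what to do is not misled.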

phpMyAdmin website