4 matches found
EUVD-2005-0312
Malware in sbrugna...
IDOR vulnerability allows the owner of one organization to disable users that belong to another organization
1. First, we create two organizations: org1 and org2. Their owners are user1 and user2, respectively. 2. We log in as user1 and click disable, then we use Burp Suite to get the POST. 3. The POST can be like: POST /admin/api/users/2/enable/false HTTP/1.1 5. We replace user id 2 with 3. 6. Check the...
Disabling user in delegated Active Directory doesn't disable them in Confluence until they log in
Steps to Reproduce: Create a delegated directory, hooked to Active Directory. Log in with an AD user, with the "Remember Me" option checked. Close the browser completely. Disable the user in AD by checking the "Account is disabled" option in User Properties > Account > Account Options. Launch the browse...
Domain restricted signup is creating enabled users on ApacheDS
When a user signs up to a Confluence instance that has domain restricted sign up enabled, they are normally created as disabled users and are unable to log in. However, when the underlying user directory does not support disabling users, such as ApacheDS 1.5, then the user ends up being created as...