2014-10-09 Flaw Discovered 2014-10-20 Vendor contacted 2014-10-21 Vendor response 2014-12-08 Vendor fix proposal 2014-12-08 Extension of embargo to 19.4.2015 2015-05-04 Extension of embargo until release of version 5.0 2015-05-18 Release of version 5.0 and public disclosure
The web application does not restrict users to be logged in only one and does not provide a configuration options to configure this feature for admins and/or user accounts.
Implement a single login session restriction configuration option for the web CollabNet web applications. Notify the user if another person has logged in from another location.
This is the only item we decided was not worth the effort. I've not actually seen this restriction on any webapp I've ever used.