Package: sql-ledger
Version: 2.4.7-2
Severity: grave
Justification: user security hole

Using the Logout option on the menu takes the user back to the login screen. However, the session is still active which means anyone else may walk up to the system and use the History or the Back button of the browser to access all account information for the previously logged in user.

This is not a big deal within a small intranet but poses a security risk on an internet-accessible server.

-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.4.26
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)

Versions of packages sql-ledger depends on:
ii  apache2-mpm-prefork [httpd]  2.0.54-4  traditional model for Apache2
ii  libdbd-pg-perl               1.41-3    a PostgreSQL interface for Perl 5
ii  perl                         5.8.4-8   Larry Wall's Practical Extraction
ii  perl-dummy [perl]            1.0       Custom compiled Perl 5.8.2. This d

-- no debconf information
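
The failure mode in this report, as an added example that is not part of the original report and is not SQL-Ledger's code: a logout that only redirects to the login screen is compared with one that deletes the server-side session, and the old session id is then replayed the way the Back or History button would. The `SessionStore` class, its method names and the user "alice" are hypothetical and constructed for illustration.

```python
import secrets


class SessionStore:
    """Minimal server-side session table (hypothetical, for illustration)."""

    def __init__(self):
        self._sessions = {}  # session id -> username

    def login(self, user):
        sid = secrets.token_urlsafe(32)  # unguessable session id
        self._sessions[sid] = user
        return sid

    def logout_redirect_only(self, sid):
        # Behaviour described in the report: the user is sent back to the
        # login screen, but the server-side session record is left in place.
        return "login screen"

    def logout_invalidate(self, sid):
        # Hardened form: the session record is removed before redirecting.
        self._sessions.pop(sid, None)
        return "login screen"

    def handle(self, sid, page):
        """Return (status, headers, body) for a request carrying `sid`."""
        user = self._sessions.get(sid)
        if user is None:
            return 401, {"Location": "/login"}, ""
        # no-store asks the browser not to keep a copy of the page, so the
        # Back button has to re-request it and hits the check above.
        return 200, {"Cache-Control": "no-store"}, f"{page} for {user}"


def replay_after_logout(logout_name):
    """Log in, log out with the named method, then replay the old session id."""
    store = SessionStore()
    sid = store.login("alice")     # constructed sample user
    store.handle(sid, "accounts")  # normal use while logged in
    getattr(store, logout_name)(sid)
    return store.handle(sid, "accounts")[0]


if __name__ == "__main__":
    for name in ("logout_redirect_only", "logout_invalidate"):
        print(name, "->", replay_after_logout(name))
```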