Post by fajo on Dec 2, 2010 6:00:48 GMT 7
Due to insufficient authorization checks in the modules web pages the module configuration gets exposed to unauthorized/unauthenticated users.
Users if the module are encouraged to de-install the module. Just disabling the module will not suffice since the affected script will restart the daemon regardless of the module enable status (which is another bug ;o)
References:
/Falk
Update 2010/12/08
Thecus just replied that version 2.11.3 will contain fixes for that issue (v2.11.3 is not available yet)
Users if the module are encouraged to de-install the module. Just disabling the module will not suffice since the affected script will restart the daemon regardless of the module enable status (which is another bug ;o)
References:
- KUF-950780 @ esupport.thecus.com
- GQK-866682 @ esupport.thecus-eu.com
/Falk
Update 2010/12/08
Thecus just replied that version 2.11.3 will contain fixes for that issue (v2.11.3 is not available yet)