← Back to team overview

openerp-india team mailing list archive

[Bug 1015092] Re: password fields are visible thanks to "set default"

 

** Changed in: openobject-server
   Importance: Undecided => Medium

** Changed in: openobject-server
       Status: New => Confirmed

** Changed in: openobject-server
     Assignee: (unassigned) => OpenERP Publisher's Warranty Team (openerp-opw)

-- 
You received this bug notification because you are a member of OpenERP
Indian Team, which is subscribed to OpenERP Server.
https://bugs.launchpad.net/bugs/1015092

Title:
  password fields are visible thanks to "set default"

Status in OpenERP Server:
  Confirmed

Bug description:
  On your database
  1.  load a module with password fields (like import_google)
  2. Set information on user form like login and pass of google
  3. If you have access to "set default", e.g as an admin, you potentially have access to all the google accounts of your members.

  I don't know if it's specifically the import_google or the webclient
  in general that should be checked, but I think it's a security issue.

To manage notifications about this bug go to:
https://bugs.launchpad.net/openobject-server/+bug/1015092/+subscriptions