aMule Forum

English => en_Bugs => Topic started by: OldFrog on August 18, 2005, 10:36:43 PM

Title: Lack of security in Web access
Post by: OldFrog on August 18, 2005, 10:36:43 PM
I have enabled web access with password and specific port on the corrent CVS.

Yet I did the following test :

1 - connect on the standard XXX.XXX.XXX.XXX:PPPP port
Had to provide the password, and then went to the transfert page.

So there the url is : http://XXX.XXX.XXX.XXX:PPPP/?ses=-nnnnnnnnnnn&w=transfer&cat=

Where XXX.XXX.XXX.XXX is my IP adsress, PPPP my external port, and nnnnnnnnnn my session.

I copied the link from the current browser (Firefox) to another (IE through wine, go figure 8o)  and the same page opened flawlessly. I should have had at least a popup or something to ask for the password as I did not provide any.

This is annoying, as connection on http servers may use spare CPU cycle for a lot tof things, including mules.

(Besides that, using Kad is impressive, guys, wonderfull job)