Filesystem access equals root access #571
Labels: Bug, c: Security, Major
In addition to being able to log in as root password=1234,
I can also log in using user root password=81dc9bdb52d04dc20036dbd8313ed055
This can have serious consequences if anyone can find a way to print out config/config.ini.php.
There may be other situations where an attacker knows the MD5 hash (or other hash should you change digests) but not the password.
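A minimal model of the behaviour reported above, as an added example that is not Matomo's code: `login_flawed` is a hypothetical check that accepts either the password or its stored MD5 digest, and `login_hardened` is one possible fix that stores a salted PBKDF2 verifier and only ever compares values derived from the supplied input. All function names and the verifier layout are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data: the root password and its MD5 digest from the report.
PASSWORD = "1234"
STORED_MD5 = hashlib.md5(PASSWORD.encode()).hexdigest()


def login_flawed(supplied: str, stored_md5: str) -> bool:
    """Hypothetical model of the reported behaviour: the stored digest
    itself is accepted as a credential, so reading the config is enough."""
    hashed = hashlib.md5(supplied.encode()).hexdigest()
    return supplied == stored_md5 or hashed == stored_md5


def make_verifier(password: str, iterations: int = 200_000) -> dict:
    """Derive a salted, slow verifier to store instead of a bare MD5."""
    salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return {"salt": salt, "iterations": iterations, "key": key}


def login_hardened(supplied: str, verifier: dict) -> bool:
    """Always derive from the supplied value; never compare it to stored data."""
    key = hashlib.pbkdf2_hmac(
        "sha256", supplied.encode(), verifier["salt"], verifier["iterations"]
    )
    return hmac.compare_digest(key, verifier["key"])


if __name__ == "__main__":
    verifier = make_verifier(PASSWORD)
    leaked = verifier["key"].hex()  # what a config disclosure would reveal
    print("flawed, password:", login_flawed(PASSWORD, STORED_MD5))
    print("flawed, stored hash:", login_flawed(STORED_MD5, STORED_MD5))
    print("hardened, password:", login_hardened(PASSWORD, verifier))
    print("hardened, stored key:", login_hardened(leaked, verifier))
```

The hardened check removes the "stored value works as a password" path, but a disclosed verifier for a weak password such as `1234` can still be guessed offline, so the configuration file needs protecting either way.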