Apache OpenOffice (AOO) Bugzilla – Issue 106732
Security: Passwordcontainer URL matching broken
Last modified: 2017-05-20 10:28:49 UTC
0) you need access to two http resources with different connection endpoints, e.g. host1 and host2 1) Activate usage of OOo file dialogs (-> Tools/Options/OOo/General) 2) File->Open => Enter 'http://host1/path1' ==> Password dialog appears => enter credentials => enter => file gets loaded/webdav directory listing appears in file picker => close file/file dialog 3) File->Open => Enter 'http://host2/path2' ==> Bug: Password dialog appears, prefilles with credentials for host1! password and username field should be empty. ===> This is a security issue, because OOo automatically sends credentials for host1 to host2(!) before(!) displaying the login dialog with the "wrong" credentials! User has no chance to prevent this. This worked okay in OOo 3.1.
CC'ed tm.
Target adjusted
Fixed in CWS fwk125.
tm: Please verify the fix.
checked and verified in cws fwk125 -> OK