+ Post New Thread
Results 1 to 6 of 6
Home Access Plus+ Thread, HAP v10.2 Security Issue? in Projects:; Hi Everyone, We have been using HAP for over a year now and are really happy with it. I've just ...
  1. #1

    Join Date
    Aug 2014
    Location
    SE London
    Posts
    3
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    HAP v10.2 Security Issue?

    Hi Everyone,

    We have been using HAP for over a year now and are really happy with it. I've just upgraded to v10.2 and after a bit of playing around I have noticed that if you change the login url from /login.aspx?ReturnUrl=%2f to /setup.aspx I can access the backend with no authentication challenge!

    Has anyone seen the same thing or something similar?

    Thanks

    Quick Edit: without entering any passwords I have successfully added an AD group to HAP and changed around the front page icons!!
    Last edited by TheAG; 6th August 2014 at 09:16 PM.

  2. #2
    nickbro's Avatar
    Join Date
    Jul 2010
    Location
    Gilwern, Wales
    Posts
    3,564
    Thank Post
    38
    Thanked 509 Times in 439 Posts
    Rep Power
    114
    Save the config, it'll tell you what you do to lock it down

  3. #3

    Join Date
    Aug 2014
    Location
    SE London
    Posts
    3
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Red face

    Hi Nick,

    I went through that but it would't work. I ended up creating a new file called setup.aspx and copying the contents over and deleting the original one. It seemed to work ok after that.
    I'm guessing it might have been an issue when extracting the files as I had a problem with incorrect permissions getting applied to the HAP folder.

    Everything is nice and secure now.

    Thanks

  4. #4
    nickbro's Avatar
    Join Date
    Jul 2010
    Location
    Gilwern, Wales
    Posts
    3,564
    Thank Post
    38
    Thanked 509 Times in 439 Posts
    Rep Power
    114
    The info at the top of the page will lock the page down so no one can access it without a domain admin account.

  5. #5

    Join Date
    Aug 2014
    Location
    SE London
    Posts
    3
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    That was the issue, it wasn't locking the page and left it open for anyone to access the backend. Once I recreated the setup.aspx it worked.
    I have checked the rest of the site and it seems fine too.

    As I said, there were some odd permissions that got applied when copying over the HAP directory, even though I reset them I wonder if that might have caused the problem. I have had a quick play with HAP and IIS7.5 this afternoon and I can't replicate the error.

  6. #6
    nickbro's Avatar
    Join Date
    Jul 2010
    Location
    Gilwern, Wales
    Posts
    3,564
    Thank Post
    38
    Thanked 509 Times in 439 Posts
    Rep Power
    114
    Ok, good to know, odd issue.

SHARE:
+ Post New Thread

Similar Threads

  1. HAP+ Event Log Security Issue
    By gianzack in forum Home Access Plus+
    Replies: 0
    Last Post: 8th December 2011, 04:29 PM
  2. Fronter Security Issues
    By Grommit in forum Virtual Learning Platforms
    Replies: 11
    Last Post: 9th October 2009, 01:15 PM
  3. Server security issue
    By steve_nfi in forum Windows
    Replies: 5
    Last Post: 1st July 2008, 02:09 PM
  4. networking PDA's & security issues
    By projector1 in forum Hardware
    Replies: 3
    Last Post: 12th April 2008, 10:18 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •