e-recruit security hole

marco sanchez

Hi everyone

I found this; maybe some of you noticed it before, but I want to share it with you:

The URL to connect with the e-recruit module has this structure:


I noticed that if I change /servlet/com.jdedwards.runtime.shortcut.ShortcutLauncher?scApp=P08400&scForm=W08400A in the URL to /E1Menu.maf, you have access to the E1 menus, and depending on how you set up the security for the Anonymous user, you can see everything.

e.g. https://xxxxxx.xxxxxx.com/jde/servl....ShortcutLauncher?scApp=P08400&scForm=W08400A to https://xxxxxx.xxxxxx.com/jde/E1Menu.maf

The solution that I applied was:
Restricted all the menus on the role assigned to the anonymous user (FineCut);
Gave access only to the applications that are related to the e-recruit site;
Restricted the Solution Explorer.
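As an added example (not part of the original post, and not Oracle/JDE code), here is a small check script that performs the URL rewrite described above and reports whether E1Menu.maf is reachable without a session. It only assumes the URL shape quoted in the post; the response classification (a 3xx redirect, a 401/403, or a 200 page carrying a login form counts as restricted, a 200 page without one counts as exposed) and the login-page markers are assumptions to be tuned for your own server, and the fetch function is injectable so the logic can be exercised offline with constructed responses.

```python
"""Check whether an E1 web client exposes E1Menu.maf to the anonymous e-recruit user.

Added example, not from the original post. Assumptions (not from the post):
 - a restricted server answers an unauthenticated E1Menu.maf request with a
   redirect to its login page, a 401/403, or a 200 page containing a login form;
 - an exposed server answers 200 with the menu page itself;
 - the LOGIN_MARKERS strings identify a login page on your instance.
"""
from dataclasses import dataclass
from typing import Callable, Tuple
from urllib.error import HTTPError
from urllib.parse import urlsplit, urlunsplit
from urllib.request import HTTPRedirectHandler, Request, build_opener

# Path fragment of the e-recruit shortcut URL quoted in the post.
SHORTCUT_MARKER = "/servlet/com.jdedwards.runtime.shortcut.ShortcutLauncher"
# Assumed markers of a login page; adjust for your own web client.
LOGIN_MARKERS = ("login", "signin", "sign in")


@dataclass
class Response:
    status: int
    body: str


def menu_url_from_shortcut(url: str) -> str:
    """Rewrite .../jde/servlet/...ShortcutLauncher?... to .../jde/E1Menu.maf,
    dropping the query string, exactly as the post does by hand."""
    parts = urlsplit(url)
    if SHORTCUT_MARKER not in parts.path:
        raise ValueError("not a ShortcutLauncher URL: %r" % url)
    context = parts.path[: parts.path.index(SHORTCUT_MARKER)]  # e.g. "/jde"
    return urlunsplit((parts.scheme, parts.netloc, context + "/E1Menu.maf", "", ""))


class _NoRedirect(HTTPRedirectHandler):
    """Do not follow redirects: a 3xx to the login page is itself the answer."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def fetch_no_session(url: str, timeout: float = 10.0) -> Response:
    """Fetch the URL with no cookies or credentials, i.e. as the anonymous user."""
    opener = build_opener(_NoRedirect())
    req = Request(url, headers={"User-Agent": "e1menu-check"})
    try:
        with opener.open(req, timeout=timeout) as resp:
            return Response(resp.status, resp.read().decode("utf-8", "replace"))
    except HTTPError as err:  # raised for 3xx (because of _NoRedirect), 4xx, 5xx
        return Response(err.code, err.read().decode("utf-8", "replace"))


def classify(resp: Response) -> str:
    """Return 'restricted', 'exposed' or 'unknown' for an anonymous E1Menu.maf fetch."""
    if resp.status in (401, 403) or 300 <= resp.status < 400:
        return "restricted"
    if resp.status == 200:
        body = resp.body.lower()
        if any(marker in body for marker in LOGIN_MARKERS):
            return "restricted"  # bounced to a login form (assumed marker)
        return "exposed"         # menu page served without a session
    return "unknown"


def check(shortcut_url: str,
          fetch: Callable[[str], Response] = fetch_no_session) -> Tuple[str, str]:
    """Derive the menu URL from the e-recruit URL and classify the anonymous response."""
    menu_url = menu_url_from_shortcut(shortcut_url)
    return menu_url, classify(fetch(menu_url))


if __name__ == "__main__":
    import sys
    url, verdict = check(sys.argv[1])
    print("%s -> %s" % (url, verdict))
```

Run it as `python e1menu_check.py 'https://host/jde/servlet/com.jdedwards.runtime.shortcut.ShortcutLauncher?scApp=P08400&scForm=W08400A'`; a verdict of `exposed` means the anonymous role still reaches the menu page and the FineCut/menu restrictions the post describes have not taken effect. Re-run after each security change rather than trusting the configuration screen alone.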