Demo Discussion
Forum Config Examples Contributions Vulnerabilities
  Discussion forum about ELOG  Not logged in ELOG logo
 Back  |  Find  |  Login  |  Help 
Message ID: 69864     Entry time: Thu Jan 23 11:32:05 2025
Icon: Warning  Author: Arjan Hulsbosch  Author Email: Arjan.Hulsbosch@ext.esa.int 
Category: Bug report  OS: Linux | Windows | Mac OSX | All | Other  ELOG Version: 3.1.5 
Subject: Webserver authentication may cause redirect loop 

If

  1. Elog is configured to use webserver authentication, and
  2. the user reported by the webserver does not exist in the password file, and
  3. the "Guest Menu commands" configuration is set in "elogd.cfg", and
  4. a logbook is accessed,

then Elog returns with a redirect (302) to the logbook itself, causing the loop.

The fix here is to remove the "Guest Menu commands" configuration from "elogd.cfg".

Source code location: https://bitbucket.org/ritt/elog/src/30ada1df634529c8011c27275c52a05b01b7b3d6/src/elogd.cxx#lines-27599

ELOG V3.1.5-3fb85fa6