    Security issue when Web OPAC URL is copied/shared


    • Product: Aleph
    • Product Version: 20, 21, 22, 23
    • Relevant for Installation Type: Dedicated-Direct, Direct, Local, Total Care

     

    Description: 
    We have a security issue: 

    Patron A logs in to the OPAC, finds a book, clicks on full view, and copies the URL 

    http://neptun.corp.exlibrisgroup.com...001&format=999 

    and sends this link to Patron B. When Patron B clicks on this URL, he can see Patron A's login data, because the ID-session is still active.

    (Once the ID-session is no longer active, it is OK: Patron B can no longer see Patron A's login data.)

    [As described in KB 5895, Patron B, using patron B's session ID, will see Patron A's search results.] 

     

    Resolution: 

    In an Internal Note. Contact Ex Libris Support.
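
One way to spot the condition described above in web server access logs, as an added example that is not part of the original article and not Ex Libris code: it reports any session identifier requested from more than one client address. The URL layout (`/F/<session>-<counter>`), the log format and every sample line are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed layout (not taken from the article): the session identifier is the
# path segment after /F/, followed by "-<request counter>".
SESSION_RE = re.compile(r'"(?:GET|POST) /F/([A-Z0-9]{20,})-\d+[ ?]')

# Constructed sample lines in common log format (addresses are documentation ranges).
SAMPLE_LOG = """\
192.0.2.10 - - [02/Mar/2016:10:00:01 +0000] "GET /F/AAAA1111BBBB2222CCCC3333DDDD-00012?format=999 HTTP/1.1" 200 5120
192.0.2.10 - - [02/Mar/2016:10:00:09 +0000] "GET /F/AAAA1111BBBB2222CCCC3333DDDD-00013?format=999 HTTP/1.1" 200 2048
198.51.100.7 - - [02/Mar/2016:10:04:30 +0000] "GET /F/AAAA1111BBBB2222CCCC3333DDDD-00012?format=999 HTTP/1.1" 200 5120
203.0.113.5 - - [02/Mar/2016:10:05:00 +0000] "GET /F/EEEE4444FFFF5555GGGG6666HHHH-00001?format=999 HTTP/1.1" 200 900
203.0.113.5 - - [02/Mar/2016:10:05:02 +0000] "GET /favicon.ico HTTP/1.1" 404 0
"""


def shared_sessions(log_text):
    """Return {session_id: sorted client addresses} for sessions seen from more than one address."""
    clients = defaultdict(set)
    for line in log_text.splitlines():
        match = SESSION_RE.search(line)
        if not match:
            continue  # static files and requests without a session segment
        client_ip = line.split(" ", 1)[0]  # first field of common log format
        clients[match.group(1)].add(client_ip)
    return {sid: sorted(ips) for sid, ips in clients.items() if len(ips) > 1}


if __name__ == "__main__":
    for sid, ips in shared_sessions(SAMPLE_LOG).items():
        print(f"session {sid} used from {len(ips)} addresses: {', '.join(ips)}")
```

Clients whose address changes mid-session (NAT pools, mobile networks) also match, so a hit is a lead to review rather than proof that a link was shared.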

     


    • Article last edited: 02-Mar-2016