Magento Forums
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Admin routing compatibility mode for extensions

   Did you know you can see the translated content as per your choice?

Translation is in progress. Please check again after few minutes.
‎01-07-2016 03:52 AM
‎01-07-2016 03:52 AM

Admin routing compatibility mode for extensions

If I enable Admin routing compatibility mode for extensions Magento states that security of the admin would be weaken.

http://prntscr.com/8z9rqx

Please could someone explain exactly how it would be weaken? I have an instance where I have 20+ extensions which need this enabled to trying to figure out exactly what the security risks are

0 Kudos
3 REPLIES 3
‎01-07-2016 04:41 AM
‎01-07-2016 04:41 AM

Re: Admin routing compatibility mode for extensions

Hi @jamieselesti

 

Check following link https://magento.com/security/patches/supee-6788-technical-details and read

APPSEC-1034, addressing bypassing custom admin URL section.

 

I will try to post more information here.

---
Problem Solved Click Accept as Solution!:Magento Community India Forum
0 Kudos
‎01-07-2016 05:17 AM
‎01-07-2016 05:17 AM

Re: Admin routing compatibility mode for extensions

I was after a more in depth technical answer as in if its enabled and you did the following things you could gain access to x y & z.

0 Kudos
‎01-07-2016 12:53 PM
‎01-07-2016 12:53 PM

Re: Admin routing compatibility mode for extensions

I don't think it makes sense to explain the inner workings of an exploit on a public forum. There are enough script kiddies running around as it is. DM me and I'll explain how it works privately.

---------------------------------------------------
My Magento Security Podcast
0 Kudos
Top