cancel
Showing results for 
Search instead for 
Did you mean: 

Admin routing compatibility mode for extensions

Admin routing compatibility mode for extensions

If I enable Admin routing compatibility mode for extensions Magento states that security of the admin would be weaken.

http://prntscr.com/8z9rqx

Please could someone explain exactly how it would be weaken? I have an instance where I have 20+ extensions which need this enabled to trying to figure out exactly what the security risks are

3 REPLIES

Re: Admin routing compatibility mode for extensions

Hi @jamieselesti

 

Check following link https://magento.com/security/patches/supee-6788-technical-details and read

APPSEC-1034, addressing bypassing custom admin URL section.

 

I will try to post more information here.

---
Problem Solved Click Accept as Solution!:Magento Community India Forum

Re: Admin routing compatibility mode for extensions

I was after a more in depth technical answer as in if its enabled and you did the following things you could gain access to x y & z.

Re: Admin routing compatibility mode for extensions

I don't think it makes sense to explain the inner workings of an exploit on a public forum. There are enough script kiddies running around as it is. DM me and I'll explain how it works privately.

---------------------------------------------------
Subscribe to my Magento Security Podcast