Debugger is leaking nformation to Unauthorised users

Discussion created by Malcolm on Nov 16, 2016
Latest reply on May 9, 2017 by TSGal



Mac OS X 10.11.6

MacBook Pro (Retina, 15-inch, Mid 2015)

CPU 2.5 GHz Intel Core i7

RAM 16 GB 1600 MHz DDR3



An unauthorised user should not be able to obtain any information from the debugger.


What actually happens:

The debugger reveals the call stack to an unauthorised user.





To Reproduce:

Using FMPA, open the debugger and then run a script. In my testing I was attempting to view the login process. So, with the file closed I opened the debugger window. Then I opened the file.


In the first instance I tried to login using an account which was not in the file. The script debugger does not reveal anything to the user.


In the second instance I used a valid account which did not have full access privileges. When I do this the script debugger begins to leak information. I am able to see the names of the scripts being used in the file open sequence.