\noindent
-The CMS has the following access control mechanisms:
+The \CMS{} has the following access control mechanisms:
\begin{itemize}
\item A login mechanism, where logged in users are allowed to access the backend, and anonymous users are not.
\item
\fail{}
-Verify that the principle of least privilege exists - users
+Verify that the principle of least privilege exists {-} users
should only be able to access functions, data files, URLs,
controllers, services, and other resources, for which they
possess specific authorization. This implies protection
parameter to see or alter another user's account).
\begin{result}
-There is no different access context for distinct users. In particular, they are allowed to access and edit each others' account info, including password. Taken one way, this could be said to be by design and thus OK. But in any reasonable design concept allowing for distinct user accounts, this is clearly not the desired setup.
+There is no different access context for distinct users. In particular, they
+ are allowed to access and edit each others' account info, including
+ password. Taken one way, this could be said to be by design and thus OK\. But in any reasonable design concept allowing for distinct user accounts, this is clearly not the desired setup.
\end{result}
\item
\begin{result}
\begin{itemize}[leftmargin=*]
\item \code{.gitignore} accessible, as well as any other dot-preceded file (except \code{.htaccess} itself by default Apache rules), as well as files such as \code{Thumbs.db} and \code{.DS\_Store}.
- \item Directory contents were listed in my simple setup. A global apache setting may disable by default, but the \code{.htaccess} file doesn't explicitly disable (with \code{Options -Indexes}), so that the CMS's codebase basically enables the listing by default.
+ \item Directory contents were listed in my simple setup. A global apache setting may disable by default, but the \code{.htaccess} file doesn't explicitly disable (with \code{Options -Indexes}), so that the \CMS{}'s codebase basically enables the listing by default.
\end{itemize}
\end{result}
\end{result}
\item
-\pass{}
+\fail{}
Verify that all user and data attributes and policy
information used by access controls cannot be
manipulated by end users unless specifically authorized.
\begin{result}
-This item is the main remaining security concern. I haven't found any obvious fail in the login system, but given the architecture and security status of the whole CMS, I'm not very sure of it.
+This item is the main remaining security concern, as the login form allows SQL
+injections that are capable to alter any information stored in the database.
+This is described in more detail in item V2.6 on page~\pageref{auth:6}.
\end{result}
\notapplicable{
\item
\fail{}
Verify that the application or framework uses strong
-random anti-CSRF tokens or has another transaction
+random anti-\CSRF{} tokens or has another transaction
protection mechanism.
\begin{result}