[Tickets #5171] Login bypassed!

bugs at bugs.horde.org bugs at bugs.horde.org
Wed Mar 28 16:54:03 UTC 2007


DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.

Ticket URL: http://bugs.horde.org/ticket/?id=5171
-----------------------------------------------------------------------
 Ticket             | 5171
 Created By         | horde at volkerthen.com
 Summary            | Login bypassed!
 Queue              | Horde Framework Packages
 Version            | HEAD
 Type               | Bug
 State              | Unconfirmed
 Priority           | 3. High
 Owners             | 
-----------------------------------------------------------------------


horde at volkerthen.com (2007-03-28 09:54) wrote:

Hi dev team!

There is a vital bug in the horde login (HEAD). Here's what's happening:

First I logged out, then I reloaded
http://mydomain/horde/login.php?logout_reason=logout

Then on the login screen (login.php) information about my last login is
being displayed ("Last login on.... from...")!

After that I checked what will happen when loading /horde/index.php again
-- and voila -- I got logged in without typing any credentials! All of my
data (kronolith, nag, whups and everything else but imp) are being
displayed.

It is not a browser problem. I got access to my horde installation from
_any_ browser!

Summary: /horde/ redirects to login.php. Skip this, just load /horde/
again and you got logged in.

My Setup: LDAP Authentication (for years now), PHP file based session
handler.

With a restored older version (2007-03-02) the problem is gone.

Regards

Volker