[Tickets #5171] Login bypassed!
bugs at bugs.horde.org
Wed Mar 28 16:54:03 UTC 2007
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.
Ticket URL: http://bugs.horde.org/ticket/?id=5171
-----------------------------------------------------------------------
Ticket | 5171
Created By | horde at volkerthen.com
Summary | Login bypassed!
Queue | Horde Framework Packages
Version | HEAD
Type | Bug
State | Unconfirmed
Priority | 3. High
Owners |
-----------------------------------------------------------------------
horde at volkerthen.com (2007-03-28 09:54) wrote:
Hi dev team!
There is a vital bug in the horde login (HEAD). Here's what's happening:
First I logged out, then I reloaded
http://mydomain/horde/login.php?logout_reason=logout
Then on the login screen (login.php) information about my last login is
being displayed ("Last login on.... from...")!
After that I checked what will happen when loading /horde/index.php again
-- and voila -- I got logged in without typing any credentials! All of my
data (kronolith, nag, whups and everything else but imp) are being
displayed.
It is not a browser problem. I got access to my horde installation from
_any_ browser!
Summary: /horde/ redirects to login.php. Skip this, just load /horde/
again and you got logged in.
My Setup: LDAP Authentication (for years now), PHP file based session
handler.
With a restored older version (2007-03-02) the problem is gone.
Regards
Volker