[Tickets #10211] Login successes despite wrong username with composite authentication
bugs at horde.org
bugs at horde.org
Wed Jun 8 13:26:04 UTC 2011
BITTE NICHT AUF DIESE NACHRICHT ANTWORTEN. NACHRICHTEN AN DIESE
E-MAIL-ADRESSE WERDEN NICHT GELESEN.
Ticket-URL: http://bugs.horde.org/ticket/10211
------------------------------------------------------------------------------
Ticket | 10211
Erstellt Von | michael.groene at zel.uni-hannover.de
Zusammenfassung | Login successes despite wrong username with composite
| authentication
Warteschlange | Horde Base
Version | 4.0.5
Typ | Bug
Status | Unconfirmed
Priorität | 2. Medium
Milestone |
Patch |
Zuständige |
------------------------------------------------------------------------------
michael.groene at zel.uni-hannover.de (2011-06-08 13:26) hat geschrieben:
When using composite authentication, letting IMP handle authentication
and using SQL as admin-driver, you can login with any
username/password-combination.
To reproduce use following configuration:
$conf['auth']['driver'] = 'composite';
$conf['auth']['params']['admin_driver']['driver'] = 'sql';
$conf['auth']['params']['admin_driver']['params']=array(
"driverconfig"=>"horde"
);
$conf['auth']['params']['auth_driver']['driver'] = 'application';
$conf['auth']['params']['auth_driver']['params'] =array(
"app"=>"imp"
);
Then login with any username and password.
More information about the bugs
mailing list