Once a user has authenticated in the browser, they can type in any username/password on login screen
|Reported by:||TwoHanded@…||Owned by:||coderanger|
|Cc:||coderanger, adeason@…||Trac Release:||0.9|
Once the user has authenticated in their browser, they are taken to the /login page. There, if they type in a DIFFERENT username and ANY password on the /login page, then they are logged in as that user.
The biggest problem with this is that on the /login screen if you type in a valid username, then you can use ANY password and it will allow you to login.
I am hoping that this is just a problem with my configuration My python skills are slim, or I would try to jump in and figure it out.
Thanks for your help!
Change History (11)
Changed 8 years ago by adeason@…
comment:2 Changed 8 years ago by coderanger
- Resolution set to fixed
- Status changed from new to closed
comment:5 Changed 8 years ago by coderanger
- Resolution fixed deleted
- Status changed from closed to reopened