Once a user has authenticated in the browser, they can type in any username/password on login screen
|Reported by:||Owned by:||Noah Kantrowitz|
|Cc:||Noah Kantrowitz, adeason@…||Trac Release:||0.9|
Once the user has authenticated in their browser, they are taken to the /login page. There, if they type in a DIFFERENT username and ANY password on the /login page, then they are logged in as that user.
The biggest problem with this is that on the /login screen if you type in a valid username, then you can use ANY password and it will allow you to login.
I am hoping that this is just a problem with my configuration My python skills are slim, or I would try to jump in and figure it out.
Thanks for your help!