Login to website as Admin using any password!

Report bugs and workarounds
Post Reply
tjg88

Login to website as Admin using any password!

Post by tjg88 »

I recently upgraded to 3.0.0.9, when I go to the web page of my system, I can access it as admin with any password! Anyone else seeing this? If so, we need a fix fast!

I changed the password, but it didn't matter, any password still works.
Zwabber
Posts: 69
Joined: 14 Feb 2016 21:26

Re: Login to website as Admin using any password!

Post by Zwabber »

Same here........ :o
User avatar
shawniverson
Posts: 3644
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA
Contact:

Re: Login to website as Admin using any password!

Post by shawniverson »

Woah, that's not good....checking....
User avatar
shawniverson
Posts: 3644
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA
Contact:

Re: Login to website as Admin using any password!

Post by shawniverson »

Confirmed. Critical bug is present. Dropping everything to fix...keep checking back for info
User avatar
darky83
Site Admin
Posts: 540
Joined: 30 Sep 2012 11:03
Location: eFa
Contact:

Re: Login to website as Admin using any password!

Post by darky83 »

New version 3.0.1.0 released upgrade asap.
Version eFa 4.x now available!
Steve9R
Posts: 11
Joined: 27 Aug 2015 00:04

Re: Login to website as Admin using any password!

Post by Steve9R »

This only affects people using LDAP Auth though doesnt it ?

Upgrade went straight through and worked fine for me.. cheers.
DaN
Posts: 240
Joined: 19 Nov 2014 10:04
Location: Earth

Re: Login to website as Admin using any password!

Post by DaN »

This only affects people using LDAP Auth though doesnt it ?
No.
Steve9R
Posts: 11
Joined: 27 Aug 2015 00:04

Re: Login to website as Admin using any password!

Post by Steve9R »

really? I tested on our 3.0.0.9 systems and couldnt login..
DaN
Posts: 240
Joined: 19 Nov 2014 10:04
Location: Earth

Re: Login to website as Admin using any password!

Post by DaN »

Here is a system without LDAP auth login. I can login to admin account with the "wrong" password.
Post Reply