Security hole - Authenticated login allows login with no password

josmas / openwonderland

Automatically exported from code.google.com/p/openwonderland

GNU General Public License v2.0

3 stars 5 forks source link

Security hole - Authenticated login allows login with no password #306

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago

What steps will reproduce the problem?
1. Go to OWL login screen
2. Click "Authenticated User" 
2. Enter a user name that is not an authenticated user name
3. Do not enter a password
4. Click login

What is the expected output? What do you see instead?
I would expect to get an error, but instead the user is logged in. 

Please use labels and text to provide additional information.

Original issue reported on code.google.com by nicole.m...@gmail.com on 28 Oct 2012 at 7:41

GoogleCodeExporter commented 9 years ago

Is this logging into a server that also has guest login permitted?

Original comment by bernho...@gmail.com on 29 Oct 2012 at 4:24

GoogleCodeExporter commented 9 years ago

Confirmed that if guest login is disabled, you can not log in without a 
password.

Original comment by nicole.m...@gmail.com on 19 Dec 2012 at 9:39

Added labels: Priority-Low
Removed labels: Priority-Medium

GoogleCodeExporter commented 9 years ago

So it is not a security hole, just an usability problem

Original comment by crrami...@gmail.com on 15 Jan 2013 at 2:15