search

nus-cs2113-AY2021S2 / pe-dev-response

0 stars 0 forks source link

Able to log in with password reset after change in password (multiple log in infos) #1342

Open nus-pe-bot opened 3 years ago

nus-pe-bot commented 3 years ago

This bug follows from being able to create multiple log in infos with the same email without tampering with the data file. (See Able to log into account with multiple passwords bug report)

After changing both instances to have the same password (Password2@) and resetting to Password1!, the Password2@ account still persists. Major security issues. image.png

[original: nus-cs2113-AY2021S2/pe-interim#1342] [original labels: severity.High type.FunctionalityBug]

jalvinchan commented 3 years ago

Team's Response

This bug is caused by the same defect in the same part of the code, where the log in info is updated with the new user info even though user try to register for an invalid email/password. Fixing this error would fix all of these bugs.

Duplicate status (if any):

Duplicate of #1340