| Summary | Login successes despite wrong username with composite authentication |
| Queue | Horde Framework Packages |
| Type | Bug |
| State | Resolved |
| Priority | 3. High |
| Owners | jan (at) horde (dot) org |
| Requester | michael.groene (at) zel (dot) uni-hannover (dot) de |
| Created | 06/08/2011 (5141 days ago) |
| Due | |
| Updated | 06/08/2011 (5141 days ago) |
| Assigned | 06/08/2011 (5141 days ago) |
| Resolved | 06/08/2011 (5141 days ago) |
| Github Issue Link | |
| Github Pull Request | |
| Milestone | |
| Patch | No |
Version ⇒
Queue ⇒ Horde Framework Packages
Taken from
Taken from Michael Slusarz
State ⇒ Resolved
This method must throw an exception on failed login (
Bug #10211).2 files changed, 4 insertions(+), 2 deletions(-)
http://git.horde.org/horde-git/-/commit/7b0bb8b2d0017e905d42d6b34c100caf30d3d356
State ⇒ Assigned
Assigned to
Assigned to Michael Slusarz
Priority ⇒ 2. Medium
Type ⇒ Bug
Summary ⇒ Login successes despite wrong username with composite authentication
Queue ⇒ Horde Base
Milestone ⇒
Patch ⇒ No
State ⇒ Unconfirmed
and using SQL as admin-driver, you can login with any
username/password-combination.
To reproduce use following configuration:
$conf['auth']['driver'] = 'composite';
$conf['auth']['params']['admin_driver']['driver'] = 'sql';
$conf['auth']['params']['admin_driver']['params']=array(
"driverconfig"=>"horde"
);
$conf['auth']['params']['auth_driver']['driver'] = 'application';
$conf['auth']['params']['auth_driver']['params'] =array(
"app"=>"imp"
);
Then login with any username and password.