| Summary | Login bypassed! |
| Queue | Horde Framework Packages |
| Queue Version | HEAD |
| Type | Bug |
| State | Resolved |
| Priority | 3. High |
| Owners | jan (at) horde (dot) org |
| Requester | horde (at) volkerthen (dot) com |
| Created | 03/28/2007 (6692 days ago) |
| Due | 04/01/2007 (6688 days ago) |
| Updated | 04/11/2007 (6678 days ago) |
| Assigned | 03/30/2007 (6690 days ago) |
| Resolved | 04/11/2007 (6678 days ago) |
| Github Issue Link | |
| Github Pull Request | |
| Milestone | |
| Patch | No |
Thanks!
Due ⇒ 04/01/2007
State ⇒ Feedback
Assigned to Jan Schneider
login notifications on the login screen, and twice now I've seen an
alarm notice for one of my tasks before I'm logged in.
alarm system), the mentioned behavior vanishs.
Priority ⇒ 3. High
Type ⇒ Bug
Summary ⇒ Login bypassed!
Due ⇒ 03/31/2007
Queue ⇒ Horde Framework Packages
State ⇒ Unconfirmed
There is a vital bug in the horde login (HEAD). Here's what's happening:
First I logged out, then I reloaded
http://mydomain/horde/login.php?logout_reason=logout
Then on the login screen (login.php) information about my last login
is being displayed ("Last login on.... from...")!
After that I checked what will happen when loading /horde/index.php
again -- and voila -- I got logged in without typing any credentials!
All of my data (kronolith, nag, whups and everything else but imp) are
being displayed.
It is not a browser problem. I got access to my horde installation
from _any_ brwoser!
Summary: /horde/ redirects to login.php. Skip this, just load /horde/
again and you got logged in.
My Setup: LDAP Authentication (for years now), PHP file based session handler.
With a restored older version (2007-03-02) the problem is gone.
Regards
Volker