Mantis Bugtracker

Viewing Issue Advanced Details Jump to Notes ] View Simple ] Issue History ] Print ]
ID Category Severity Reproducibility Date Submitted Last Update
0001252 [Quercus] major always 07-15-06 19:23 07-17-06 16:51
Reporter ajiaojr View Status public  
Assigned To ferg
Priority normal Resolution fixed Platform
Status closed   OS
Projection none   OS Version
ETA none Fixed in Version 3.0.20 Product Version 3.0.19
  Product Build
Summary 0001252: mantis bt not checking user passwords when they login.
Description I did a fresh installation of mantis. As long as I specify the username correctly, I am able to login, what I type in the password field doesn't matter.

A fresh installation on apache+mod_php however do require one to specify the correct password.

This problem also exist on [^] and IMO is a security flaw.
Steps To Reproduce
Additional Information
Attached Files

- Relationships

There are no notes attached to this issue.

- Issue History
Date Modified Username Field Change
07-15-06 19:23 ajiaojr New Issue
07-15-06 19:24 ajiaojr Issue Monitored: ajiaojr
07-17-06 16:50 ferg Assigned To  => ferg
07-17-06 16:50 ferg Status new => closed
07-17-06 16:50 ferg Resolution open => fixed
07-17-06 16:50 ferg Fixed in Version  => 3.0.20

Mantis 1.0.0rc3[^]
Copyright © 2000 - 2005 Mantis Group
28 total queries executed.
25 unique queries executed.
Powered by Mantis Bugtracker