|
Viewing Issue Advanced Details
[ Jump to Notes ]
|
[ View Simple ]
[ Issue History ]
[ Print ]
|
|
ID |
Category |
Severity |
Reproducibility |
Date Submitted |
Last Update |
|
0001252 |
[Quercus] |
major |
always |
07-15-06 19:23 |
07-17-06 16:51 |
|
|
Reporter |
ajiaojr |
View Status |
public |
|
|
Assigned To |
ferg |
|
Priority |
normal |
Resolution |
fixed |
Platform |
|
|
Status |
closed |
|
OS |
|
|
Projection |
none |
|
OS Version |
|
|
ETA |
none |
Fixed in Version |
3.0.20 |
Product Version |
3.0.19 |
| |
Product Build |
|
|
|
Summary |
0001252: mantis bt not checking user passwords when they login. |
|
Description |
I did a fresh installation of mantis. As long as I specify the username correctly, I am able to login, what I type in the password field doesn't matter.
A fresh installation on apache+mod_php however do require one to specify the correct password.
This problem also exist on http://bugs.caucho.com [^] and IMO is a security flaw. |
|
Steps To Reproduce |
|
|
Additional Information |
|
|
|
Attached Files |
|
|
|
Relationships 
