Mantis Bugtracker
  

Viewing Issue Simple Details Jump to Notes ] View Advanced ] Issue History ] Print ]
ID Category Severity Reproducibility Date Submitted Last Update
0001252 [Quercus] major always 07-15-06 19:23 07-17-06 16:51
Reporter ajiaojr View Status public  
Assigned To ferg
Priority normal Resolution fixed  
Status closed   Product Version 3.0.19
Summary 0001252: mantis bt not checking user passwords when they login.
Description I did a fresh installation of mantis. As long as I specify the username correctly, I am able to login, what I type in the password field doesn't matter.

A fresh installation on apache+mod_php however do require one to specify the correct password.

This problem also exist on http://bugs.caucho.com [^] and IMO is a security flaw.
Additional Information
Attached Files

- Relationships

There are no notes attached to this issue.

- Issue History
Date Modified Username Field Change
07-15-06 19:23 ajiaojr New Issue
07-15-06 19:24 ajiaojr Issue Monitored: ajiaojr
07-17-06 16:50 ferg Assigned To  => ferg
07-17-06 16:50 ferg Status new => closed
07-17-06 16:50 ferg Resolution open => fixed
07-17-06 16:50 ferg Fixed in Version  => 3.0.20


Mantis 1.0.0rc3[^]
Copyright © 2000 - 2005 Mantis Group
28 total queries executed.
25 unique queries executed.
Powered by Mantis Bugtracker