Opened 2 years ago

Closed 2 years ago

#2312 closed defect (duplicate)

Susimail GUI login cached bypassing

Reported by: anonymous maybe Owned by: zzz
Priority: minor Milestone: undecided
Component: apps/susimail Version: 0.9.36
Keywords: Cc:
Parent Tickets: #2081 Sensitive: no

Description (last modified by anonymous maybe)

typing any random username + password in susmail login page

will log you in.

Note: this is just graphical login , not real login. (nothing is harming , just sound not good to see it).


Attachments (1)

susi.png (45.0 KB) - added by anonymous maybe 2 years ago.

Download all attachments as: .zip

Change History (3)

Changed 2 years ago by anonymous maybe

Attachment: susi.png added

comment:1 Changed 2 years ago by anonymous maybe

Description: modified (diff)

comment:2 Changed 2 years ago by zzz

Parent Tickets: 2081
Resolution: duplicate
Status: newclosed

true. It's the server password, we don't use it locally. This will change if we encrypt the local cache, see #2081. See also #2087 for all the other susimail ideas. OP says "not good" but didn't offer any suggested solution. Alternative to collecting password at login time would be to ask for it when connecting to server? that sounds worse.
closing this as it's pretty much a dup of #2081

Note: See TracTickets for help on using tickets.