Opened 12 months ago
Closed 12 months ago
#2312 closed defect (duplicate)
Susimail GUI login cached bypassing
| Reported by: | anonymous maybe | Owned by: | zzz |
|---|---|---|---|
| Priority: | minor | Milestone: | undecided |
| Component: | apps/susimail | Version: | 0.9.36 |
| Keywords: | Cc: | ||
| Parent Tickets: | #2081 | Sensitive: | no |
Description (last modified by )
typing any random username + password in susmail login page
http://127.0.0.1:7657/susimail/
will log you in.
Note: this is just graphical login , not real login. (nothing is harming , just sound not good to see it).
Subtickets
Attachments (1)
Change History (3)
Changed 12 months ago by
comment:1 Changed 12 months ago by
| Description: | modified (diff) |
|---|
comment:2 Changed 12 months ago by
| Parent Tickets: | → 2081 |
|---|---|
| Resolution: | → duplicate |
| Status: | new → closed |
Note: See
TracTickets for help on using
tickets.
true. It's the server password, we don't use it locally. This will change if we encrypt the local cache, see #2081. See also #2087 for all the other susimail ideas. OP says "not good" but didn't offer any suggested solution. Alternative to collecting password at login time would be to ask for it when connecting to server? that sounds worse.
closing this as it's pretty much a dup of #2081