Issue 306 in openwonderland: Security hole - Authenticated login allows login with no password

openwon...@googlecode.com

unread,

Oct 28, 2012, 3:41:19 PM10/28/12

to openwonder...@googlegroups.com

Status: Accepted
Owner: nicole.m...@gmail.com
Labels: Type-Defect Priority-Medium

New issue 306 by nicole.m...@gmail.com: Security hole - Authenticated login
allows login with no password
http://code.google.com/p/openwonderland/issues/detail?id=306

What steps will reproduce the problem?
1. Go to OWL login screen
2. Click "Authenticated User"
2. Enter a user name that is not an authenticated user name
3. Do not enter a password
4. Click login

What is the expected output? What do you see instead?
I would expect to get an error, but instead the user is logged in.

Please use labels and text to provide additional information.

openwon...@googlecode.com

unread,

Oct 29, 2012, 12:24:25 PM10/29/12

to openwonder...@googlegroups.com

Comment #1 on issue 306 by bernho...@gmail.com: Security hole -

Authenticated login allows login with no password
http://code.google.com/p/openwonderland/issues/detail?id=306

Is this logging into a server that also has guest login permitted?

openwon...@googlecode.com

unread,

Jan 15, 2013, 9:15:58 AM1/15/13

to openwonder...@googlegroups.com

Comment #3 on issue 306 by crrami...@gmail.com: Security hole -

Authenticated login allows login with no password
http://code.google.com/p/openwonderland/issues/detail?id=306

So it is not a security hole, just an usability problem

Reply all

Reply to author

Forward