Pages requiring admin credential can be navigated without it
Bug #714572 reported by
gbastien
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| AuthPuppy |
Fix Released
|
High
|
Unassigned | ||
Bug Description
If one without admin credential but authenticated in the system knows the url to an admin protected path, he can access that page:
- I logged in demo.authpuppy.org as admin/admin
- created "12345" test user (with admin rights)
- created "user1" test user (with NO admin rights)
- I logged out
- logged in again with user1
- I was able to DELETE "12345" user.
Revision history for this message
| gbastien (gbastien02) wrote | #1 |
| Changed in authpuppy: | |
| status: | New → Fix Committed |
| importance: | Undecided → High |
Revision history for this message
| Andrea Grandi (andreagrandi) wrote | #2 |
Revision history for this message
| gbastien (gbastien02) wrote | #3 |
| Changed in authpuppy: | |
| status: | Fix Committed → Fix Released |
To post a comment you must log in.
Done in rev 118