Opened 6 years ago
Closed 6 years ago
#1484330 closed Bugs (fixed)
Possible Login without Username!!!
| Reported by: | skandalmail | Owned by: | |
|---|---|---|---|
| Priority: | 5 | Milestone: | 0.1-rc1 |
| Component: | Security | Version: | 0.1-beta2 |
| Severity: | major | Keywords: | without username |
| Cc: |
Description
You can login in Roundcube webmail (v0.1-beta2.2) only with a Password, without username!!! This is possible for the first user, that has been registered in roundcube webmail the very first time. (The First webmail Account, logged in)
Change History (5)
comment:1 Changed 6 years ago by skandalmail
- Priority changed from 10 to 5
comment:2 Changed 6 years ago by seansan
comment:3 Changed 6 years ago by thomasb
Only if the IMAP server accepts the login.
comment:4 Changed 6 years ago by thomasb
- Milestone set to 0.1-rc1
Fixed in [f15c2686] by checking for emptiness of $_POST[_user]
comment:5 Changed 6 years ago by thomasb
- Resolution set to fixed
- Status changed from new to closed
Note: See
TracTickets for help on using
tickets.
I have tested and have the SAME!!!
I can login without username!!!