This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Webadmin login vunerability

I've removed the admin user from webadmin access and allowed only my user account to have webadmin access. If I try to log in with the admin user name and an incorrect password, the first time it fails as expected, but if I wait for the webpage to refresh then type in admin and the same wrong password, it will log in.

I'm running V5.026

This definately appears to be a bug, can someone verify this?

This thread was automatically locked due to age.

0 ReD-MaN over 20 years ago

Doesn't happen here on any machine I have tried. Just tried it on three different ones, always says incorrect username or password.
Cancel
Vote Up 0 Vote Down

Cancel
0 StephaneGROBETY over 20 years ago

I tried this on my two installation (5.026) and everything works as intended: all login as denied.

However, limiting access to the web admin to your own IP range (plus, maybe, VPN) is still a good idea.
Cancel
Vote Up 0 Vote Down

Cancel
0 SecApp over 20 years ago

Try it from another browser; sounds like something in your cache.
If it doesn't work from another browser, then you're good.

But you can see which browser you use, and how accessible it is, can be a touchy matter with Astaro! If you do your configuration from an offline laptop, you'll have more peace of mind...
Cancel
Vote Up 0 Vote Down

Cancel
0 Xeno over 20 years ago in reply to SecApp

Hi Chadlee,

can you provide a description how it is possible to reproduce the problem? I tried but was not able to reproduce.

Xeno
Cancel
Vote Up 0 Vote Down

Cancel