Uploaded image for project: 'phpBB3'
  1. phpBB3
  2. PHPBB3-9156

Direct link to ACP login allowed

    Details

      Description

      In case the tickmark "Log me on automatically each visit" is ticked, <board url>/adm will bring you to the ACP login screen.
      In case the tickmark is not set, it will not allow you to the ACP login screen and will even log you out, because it requires the SID. Log out will even occur using <board url>/adm when you are in the ACP.

      Is it a security issue to only direct to the ACP login screen with the SID attached? Should it work the same in case the tickmark is set for log me on automatically?

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                CHItA CHItA
                Reporter:
                HGN HGN [X] (Inactive)
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: