Uploaded image for project: 'phpBB3'
  1. phpBB3
  2. PHPBB3-9156

Direct link to ACP login allowed

    XMLWordPrintable

Details

    Description

      In case the tickmark "Log me on automatically each visit" is ticked, <board url>/adm will bring you to the ACP login screen.
      In case the tickmark is not set, it will not allow you to the ACP login screen and will even log you out, because it requires the SID. Log out will even occur using <board url>/adm when you are in the ACP.

      Is it a security issue to only direct to the ACP login screen with the SID attached? Should it work the same in case the tickmark is set for log me on automatically?

      Attachments

        Issue Links

          is duplicated by

          Improvement - An improvement or enhancement to an existing feature or task. PHPBB3-9446 Login credentials wiped out when attempting to log into ACP for the first time.

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Closed
          is related to

          Bug - A problem which impairs or prevents the functions of the product. PHPBB3-10913 Admin is logged out when accessing any url under adm/ without session id

          • Major - Major loss of function.
          • Closed

          Activity

            People

              CHItA CHItA
              HGN HGN [X] (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: