Security: logAttempt succeeds if the password is of the first user in the users table #215

AfzalivE · 2014-02-06T21:11:28Z

Using the UserController supplied with Confide, the do_login function looks like this:

If I use something like TamperMonkey or Postman to submit a form that only has the following field with the corresponding value, no username or email field:

password  = "password_of_the_first_user_in_the_users_table"

It actually logs in. I have verified this on two of my projects. Can anyone confirm this behaviour?

The text was updated successfully, but these errors were encountered:

AfzalivE · 2014-02-08T21:52:29Z

So, this was happening because the $identity_columns is empty after array_diff since there are no fields besides password.

Fixed Zizaco#215

AfzalivE mentioned this issue Feb 8, 2014

Check for empty identity_columns after array_diff #219

Merged

AfzalivE closed this as completed Feb 9, 2014

AfzalivE added a commit to AfzalivE/confide that referenced this issue Feb 11, 2014

Passing nonexistent credentials should return null

7b6fa97

Fixed Zizaco#215

AfzalivE mentioned this issue Feb 11, 2014

Passing non-existent credentials should return null user #220

Merged

AfzalivE reopened this Feb 11, 2014

andrew13 closed this as completed in #220 Feb 18, 2014

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Security: logAttempt succeeds if the password is of the first user in the users table #215

Security: logAttempt succeeds if the password is of the first user in the users table #215

AfzalivE commented Feb 6, 2014

AfzalivE commented Feb 8, 2014

Security: logAttempt succeeds if the password is of the first user in the users table #215

Security: logAttempt succeeds if the password is of the first user in the users table #215

Comments

AfzalivE commented Feb 6, 2014

AfzalivE commented Feb 8, 2014