Crowd Data Center / CWD-163

Administration Console allows login of unauthorized users

    • Type: Bug
    • Resolution: Fixed
    • Priority: High
    • Fix Version/s: 1.0.3
    • Affects Version/s: 0.4.4
    • Component/s: Core features
    • Labels: None

      When a valid (but unauthorized) principal (user) of Crowd tries to log in to the Administration Console after an (authorized) administrator has been logged in and then logged out on the same computer, this unauthorized principal will be granted access to the Administration Console during some time window (approx. 5 minutes).

      Clearing all cookies in the browser when the authorized admin has logged out doesn't help to avoid the problem. Expiring the session in the Administration Console doesn't help either - the login will be successful again when performed within the time window.

      Ironically, if this unauthorized principal (while logged in) surfs to Applications - Crowd - Config Test and provides his credentials there, he is (correctly) rejected ("Invalid verification").

            [CWD-163] Administration Console allows login of unauthorized users

            shihab made changes -
            Status Original: Resolved [ 5 ] New: Closed [ 6 ]
            shihab made changes -
            Fix Version/s New: 1.0.3 [ 12752 ]
            Assignee Original: Justen Stepka [Atlassian] [ justen.stepka@atlassian.com ] New: shihab [ shamid@atlassian.com ]
            Resolution New: Fixed [ 1 ]
            Status Original: Open [ 1 ] New: Resolved [ 5 ]

            shihab added a comment -

            Yes, this bug has been fixed since the implementation of CWD-216.

            Unfortunately this issue hadn't been closed in JIRA. Closing now.

            Bernd Rinn added a comment -

            I can confirm that the bug is no longer present in version 1.0.3 (which is the version that we are using). So probably this bug is a duplicate of CWD-216.

            kgbvax added a comment -

            May I ask what the status of this is?

              Assignee: shihab
              Reporter: Bernd Rinn