Uploaded image for project: 'Dev - Nexus Repo'
  1. Dev - Nexus Repo
  2. NEXUS-2862

user can log in with incorrect password using URL realm

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 1.4.0
    • Fix Version/s: 1.4.0, 1.4.1
    • Component/s: None
    • Labels:
      None

      Description

      here is the url realm configuration:

      authentication-url=https://svn.sonatype.com/repos/
      url-authentication-default-role=admin
      url-authentication-email-domain=sonatype.com
      

      the first time I tried to log in with incorrect password, I failed as expected
      then I tried to log in with the correct password, I logged in as expected
      then I logged out and tried to log in with incorrect password in, it was successful, but it's serious wrong.

        Attachments

          Activity

            People

            • Assignee:
              velo Marvin Herman Froeder
              Reporter:
              juven Juven Xu
              Last Updated By:
              Jason Dillon
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:
                Date of First Response:

                Time Tracking

                Estimated:
                Original Estimate - 2h Original Estimate - 2h
                2h
                Remaining:
                Remaining Estimate - 0h
                0h
                Logged:
                Time Spent - 6h
                6h