| View Issue Details [ Jump to Notes ] | [ Issue History ] [ Print ] |
| ID | Project | Category | View Status | Date Submitted | Last Update |
| 0001778 | PacketFence | security | public | 2014-03-20 12:25 | 2014-03-20 21:07 |
|
| Reporter | lpelet | |
| Assigned To | francis | |
| Priority | high | Severity | major | Reproducibility | always |
| Status | resolved | Resolution | fixed | |
| Platform | All | OS | All | OS Version | All |
| Product Version | 4.0.0 | |
| Target Version | | Fixed in Version | 4.1.1 | |
|
| Summary | 0001778: admin user gain role default |
| Description | In the database schema >= 4.0.0, we define the user admin with the category = 1.
It lets the user admin to gain the role default if authenticated on the captive portal.
Verify that your admin password is strong else users can guess it and register devices with role default.
If you don't use the user admin on the captive portal, remove this capability on the user tab in users properties for admin. |
| Tags | No tags attached. |
|
| fixed in git revision | 27bd6016b8a13638b2c6c06061f4ad4ecf9588c1 |
| fixed in mtn revision | |
|
| Attached Files | |
|
Relationships 
Relationships 