  • Possible to bypass login security


    plantsandbinary
    • Urgent
    1. Input a password on the main login screen that is wrong a bunch of times to get locked out
    2. It will say that too many attempts happened
    3. Input the correct password
    4. It will still tell you too many attempts happened and nothing will happen
    5. Refresh the page, you are now logged in and at the Unraid menu

     

    This has to be a bug. Basically it seems the login page takes the password even though it spits the message "too many attempts" and you get a cookie which stores that you are logged in. Reloading the page pushes you straight to the Unraid menu and bypasses the 'login lock' which you had from all the failed attempts. Even though you put the password in correctly, you should expect to be locked out until the lock expires.

     

    Tried this on 3 different browsers. Found it by accident.




    User Feedback

    Recommended Comments

    What version of Unraid did you test?

    I verified this on version 6.10-rc4 and it is not possible to go beyond the login page.

     

    Link to comment

    Version 6.9.2 2021-04-07

     

    Sorry, I should have made that clear.

     

    EDIT: I'll update and see if it still happens.

    Edited by plantsandbinary
    Link to comment
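    The following is an added example, not part of the thread and not Unraid's code: a minimal Python model of the behaviour the report describes, where a session is registered before the lockout state is consulted, next to a handler that refuses locked-out requests before checking the password. The `LoginGate` class, the cookie value and the policy constants are hypothetical.

```python
import hmac, time

MAX_FAILS, LOCK_SECONDS = 3, 300   # assumed policy values, not Unraid's

class LoginGate:
    def __init__(self, password, hardened, clock=time.monotonic):
        self.password, self.hardened, self.clock = password, hardened, clock
        self.fails, self.locked_until = 0, 0.0
        self.sessions = set()          # server-side record of issued session cookies

    def _locked(self):
        return self.clock() < self.locked_until

    def _check(self, supplied):
        return hmac.compare_digest(supplied.encode(), self.password.encode())

    def login(self, supplied, cookie):
        """Return the page shown to the user; may register `cookie` as a session."""
        if self.hardened and self._locked():
            return "too many attempts"      # refuse before touching the password
        ok = self._check(supplied)
        if ok and not self.hardened:
            self.sessions.add(cookie)       # modelled flaw: session created first...
        if self._locked():
            return "too many attempts"      # ...then the lockout page is shown anyway
        if ok:
            self.fails = 0
            self.sessions.add(cookie)
            return "logged in"
        self.fails += 1
        if self.fails >= MAX_FAILS:
            self.locked_until = self.clock() + LOCK_SECONDS
        return "invalid password"

    def refresh(self, cookie):
        return "menu" if cookie in self.sessions else "login page"

def reproduce(hardened):
    """Replay the five reported steps; sample password and cookie are constructed."""
    now = [0.0]
    gate = LoginGate("correct horse", hardened, clock=lambda: now[0])
    for _ in range(MAX_FAILS):
        gate.login("wrong", "c1")               # steps 1-2: trigger the lock
    shown = gate.login("correct horse", "c1")   # steps 3-4: correct password while locked
    after_refresh = gate.refresh("c1")          # step 5: reload the page
    now[0] += LOCK_SECONDS + 1                  # let the lock expire
    return shown, after_refresh, gate.login("correct horse", "c1")
```

    Both variants show the same "too many attempts" message at step 4, so the difference is only visible in what the refresh returns. A regression test for this class of bug should assert on session state after a locked-out attempt, not on the rendered message.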



  • Status Definitions

     

    Open = Under consideration.

     

    Solved = The issue has been resolved.

     

    Solved version = The issue has been resolved in the indicated release version.

     

    Closed = Feedback or opinion better posted on our forum for discussion. Also for reports we cannot reproduce or need more information. In this case just add a comment and we will review it again.

     

    Retest = Please retest in latest release.


    Priority Definitions

     

    Minor = Something not working correctly.

     

    Urgent = Server crash, data loss, or other showstopper.

     

    Annoyance = Doesn't affect functionality but should be fixed.

     

    Other = Announcement or other non-issue.
