Dangerous bug/feature in plugin.

  • Resolved grue_pm

    (@grue_pm)


    10 years, 4 months ago

    Hey there,

    Might be worth redesigning the configuration interface so that the “Change your admin username and Improve your site security” field is well away from the “Add IPs into permanent blacklist:”

    Doing this while tired I managed to paste an IP address into the former and changed my login name to the IP as a result. Fortunately I realised what I’d done and could login with it to fix. It’d be easy enough for someone to do this by mistake and completely lose access unless they 1. Realised what had happened and 2. Had enough experience to go hunting through the database to look for the new username.

    An “are you sure?” prompt wouldn’t go astray as well if this sort of thing is possible.

    The other thing I found while it hung up the browser as it did this change it also logged multiple failed IP’s from my address which, if the temporary auto-blocking was working, would have locked me out for 24 hours.

    https://www.ads-software.com/plugins/captcha-on-login/

Viewing 1 replies (of 1 total)
Viewing 1 replies (of 1 total)
  • The topic ‘Dangerous bug/feature in plugin.’ is closed to new replies.