• Resolved Eduard Stehlík

    (@stehled)


    Good evening,

    I’ve gone through the code quickly and found a way a person can bypass the login screen. If you create a cookie with the name simple_limited_access and the current date in the format Ymd, you are able to bypass the login screen. With that in mind, the login page will be shown to the user every day regardless of the cookie expiration setting, if it’s set for more than 24h. Please consider using a safer approach; for example, the cookie could contain a UUID, which would then be validated against a database row.

Viewing 1 replies (of 1 total)
  • Plugin Author Leonardo Pinori

    (@leodudedev)

    Hello, great advice. I just released an update with the fix you recommended. Good job!

  • The topic ‘Login screen bypass’ is closed to new replies.
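
An added example, not part of the thread and not the plugin's own code: the date-valued cookie check described in the report next to a server-validated token, using a random 256-bit token in place of the suggested UUID. The function names and the in-memory `$store` array (a stand-in for the database table) are assumptions.

```php
<?php
// Added illustration; all function names are hypothetical.

// Pattern from the report: the cookie value is only today's date (Ymd),
// so it is computable by any visitor and stops matching after midnight.
function weak_is_authorized(array $cookies): bool {
    return ($cookies['simple_limited_access'] ?? '') === date('Ymd');
}

// Hardened pattern: issue an unguessable token and keep only its hash,
// with an expiry time, on the server side.
function issue_token(array &$store, int $ttl, int $now): string {
    $token = bin2hex(random_bytes(32));            // 256 bits from the CSPRNG
    $store[hash('sha256', $token)] = $now + $ttl;  // stand-in for a database row
    return $token;                                 // value to place in the cookie
}

function token_is_valid(array $store, array $cookies, int $now): bool {
    $token = $cookies['simple_limited_access'] ?? '';
    // Reject arrays and anything that is not 64 lowercase hex characters.
    if (!is_string($token) || !preg_match('/\A[0-9a-f]{64}\z/', $token)) {
        return false;
    }
    // Looking up by hash means the raw token is never stored or compared.
    $expiry = $store[hash('sha256', $token)] ?? 0;
    return $expiry > $now;
}

// Constructed demo values.
$store  = [];
$now    = time();
$forged = ['simple_limited_access' => date('Ymd')];

// Forged date cookie against the weak check, then against the token check.
var_dump(weak_is_authorized($forged));
var_dump(token_is_valid($store, $forged, $now));

// Issued token with a 7-day lifetime, checked on day 3 and on day 8.
$cookie = ['simple_limited_access' => issue_token($store, 7 * 86400, $now)];
var_dump(token_is_valid($store, $cookie, $now + 3 * 86400));
var_dump(token_is_valid($store, $cookie, $now + 8 * 86400));
```

Because the expiry lives in the server-side record, the configured lifetime holds across days and a session can be revoked by deleting its row.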