[ww-bugs] Bug 3602: New: Incorrect password allows for login
bugzilla-daemon at webwork.maa.org
bugzilla-daemon at webwork.maa.org
Mon Feb 15 17:45:29 EST 2016
http://bugs.webwork.maa.org/show_bug.cgi?id=3602
Summary: Incorrect password allows for login
Product: webwork.maa.org
Version: unspecified
Platform: Macintosh
OS/Version: Mac OS
Status: NEW
Severity: major
Priority: P3
Component: courses1.webwork.maa.org
AssignedTo: gage at math.rochester.edu
ReportedBy: rachit.nigam12 at gmail.com
CC: aubreyja at gmail.com
Web browser Safari
version:
Browser version Current Version (date 02/15/2016)
number:
While entering my password, I accidentally did not type my complete password. I
had not entered the last character in my password but was accepted into the
webwork portal.
On further testing, it seem that the password that the portal seems to be
accepting any string which does not have the last character in the string and
any string that has at least the password string and any additional characters.
For example :
Password : password
Accepted strings : passwor, password1, password123
I have tried this on these links (classes I am enrolled in)
https://webwork2.math.umass.edu/webwork2/S16_MATH_331_5/
https://webwork2.math.umass.edu/webwork2/S16_MATH_515_3/
--
Configure bugmail: http://bugs.webwork.maa.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.
More information about the webwork-bugs
mailing list