After updating password no credentials needed to login
-
@BrutalBirdie said in After updating password no credentials needed to login:
@jdaviescoates
So just to make it clear.
Single quotes work now, even with the&char?Sometimes.
Using this as a password works:
'apwwith&'But this still turns auth off completely:
'sBd@ni7fjTo2J3KGRKprGm@YXPxXh7FkJzhatxGgvKJ69gAKA^gu4zfBMYjj*Gfk62nzW@M!W8VwB*epYDtPp%QApFVELKmtwkY63LJYVv@DAsMHwxucNHYFjRxT&' -
@girish
Please don't JUST fix the issue, I have a trainee right now perfect task for him to start learning
I will not show him this conversation and will use this as a little benchmark for his skillset
-
@jdaviescoates said in After updating password no credentials needed to login:
Sometimes.
Using this as a password works:
'apwwith&'
But this still turns auth off completely:
'sBd@ni7fjTo2J3KGRKprGm@YXPxXh7FkJzhatxGgvKJ69gAKA^gu4zfBMYjjGfk62nzW@M!W8VwBepYDtPp%QApFVELKmtwkY63LJYVv@DAsMHwxucNHYFjRxT&'I will have to test this when I am at home.
-
@BrutalBirdie seems it has something to do with the
%too (or perhaps that is the main culprit?)Anyways, if I remove the
%from:sBd@ni7fjTo2J3KGRKprGm@YXPxXh7FkJzhatxGgvKJ69gAKA^gu4zfBMYjj*Gfk62nzW@M!W8VwB*epYDtPp%QApFVELKmtwkY63LJYVv@DAsMHwxucNHYFjRxT&It works with single quotes (but not without).
But with the
%included it breaks the auth even with the single quotes. -
But then this pw works fine too:
apwwith%&So perhaps it a combination of having
%ending with&and length as well?
But it can't be that either because this also works fine:
apwwith%&apwwith%&apwwith%&apwwith%&apwwith%&apwwith%&apwwith%&apwwith%&apwwith%&apwwith%&apwwith%&apwwith%&apwwith%&apwwith%&apwwith%&I've got to collect children from school now so will have to stop testing, hopefully @BrutalBirdie will be able to figure out what's going on!
-
@jdaviescoates said in After updating password no credentials needed to login:
But this still turns auth off completely:
'sBd@ni7fjTo2J3KGRKprGm@YXPxXh7FkJzhatxGgvKJ69gAKA^gu4zfBMYjjGfk62nzW@M!W8VwBepYDtPp%QApFVELKmtwkY63LJYVv@DAsMHwxucNHYFjRxT&'I can't reproduce this. This is what I have:
export LISTMONK_app__admin_username=admin export LISTMONK_app__admin_password='sBd@ni7fjTo2J3KGRKprGm@YXPxXh7FkJzhatxGgvKJ69gAKA^gu4zfBMYjj*Gfk62nzW@M!W8VwB*epYDtPp%QApFVELKmtwkY63LJYVv@DAsMHwxucNHYFjRxT&' -
@girish said in After updating password no credentials needed to login:
export LISTMONK_app__admin_username=admin
export LISTMONK_app__admin_password='sBd@ni7fjTo2J3KGRKprGm@YXPxXh7FkJzhatxGgvKJ69gAKA^gu4zfBMYjjGfk62nzW@M!W8VwBepYDtPp%QApFVELKmtwkY63LJYVv@DAsMHwxucNHYFjRxT&'Odd. I can reproduce it over and over again.
Just did so again:
-
N nebulon referenced this topic on
-
@jdaviescoates I'm way off here but... my router's admin page auto logs me in at work if I'm signed in to my vault even though I have auto-fill disabled. Try logging in in a private window (or with all extensions disabled). It also happens to me on Costco dot com. Do you have the passwords saved in your vault?
Edit: I can't reproduce it either on a fresh install. I copied Girish's code like you did in your video. Works fine
Another thought, check Firefox's native password manager if it's still on and it's auto-filling the pass.
I can reproduce it if the code is like this:
export LISTMONK_app__admin_username=admin export LISTMONK_app__admin_password=sBd@ni7fjTo2J3KGRKprGm@YXPxXh7FkJzhatxGgvKJ69gAKA^gu4zfBMYjj*Gfk62nzW@M!W8VwB*epYDtPp%QApFVELKmtwkY63LJYVv@DAsMHwxucNHYFjRxT&Maybe it's a visual bug because of the double ' ' that gets auto-completed as you type ' in the web terminal at the end of the pass.
recording here: https://ufile.io/24rtfp8a (1MB).
-
@humptydumpty said in After updating password no credentials needed to login:
Try logging in in a private window (or with all extensions disabled).
Tried all that, and same in mobile browsers too.
-
All I can say is that with single quotes all is working fine.
Tested and pushed by my trainee. -
I am running into this myself.
I have used far more complicated combinations than the following, but I have it set
export LISTMONK_app__admin_username="Gently2729"
export LISTMONK_app__admin_password="ThemePavilionCare"I have also tried
export LISTMONK_app__admin_username='Gently2729'
export LISTMONK_app__admin_password='ThemePavilionCare'I am not prompted for a sign in with an incognito window
-
-
-
Maybe to reproduce this:
- Correct Username + Broken Password
- Same Username + Fixed Password
- Still no login needed?
I will try this out.
-
@BrutalBirdie Thanks. Also, this has to be reported upstream because this auth code is by them and not Cloudron.
-
Could not reproduce at all.
very strange. Maybe @privsec needs to share the exact steps to this issue. -
I'm thinking perhaps the issue is actually that logging out doesn't seem to actually log you out (at least in Firefox with the plugins I use - not tested elsewhere yet), see:
-
I did a bit more testing.
@privsec are you using the Bitwarden browser extension?
Because further testing seems to suggest if that is enabled and I'm logged into it, then it somehow it magically logs into Listmonk without any interaction from me at all.
If I disable the Bitwarden plugin then I'm prompted to login after logging out.
-
@jdaviescoates I am/was
I cant reproduce it either.
Im not sure what and how this occurred, but once I used a lowercase username I was prompted to sign in on every attempt.
So... IDK
ヽ( 。 ヮ゚)ノ
