After updating password no credentials needed to login
-
@jdaviescoates
So just to make it clear.
Single quotes work now, even with the&char? -
@BrutalBirdie said in After updating password no credentials needed to login:
@jdaviescoates
So just to make it clear.
Single quotes work now, even with the&char?Sometimes.
Using this as a password works:
'apwwith&'But this still turns auth off completely:
'sBd@ni7fjTo2J3KGRKprGm@YXPxXh7FkJzhatxGgvKJ69gAKA^gu4zfBMYjj*Gfk62nzW@M!W8VwB*epYDtPp%QApFVELKmtwkY63LJYVv@DAsMHwxucNHYFjRxT&'@jdaviescoates said in After updating password no credentials needed to login:
Sometimes.
Using this as a password works:
'apwwith&'
But this still turns auth off completely:
'sBd@ni7fjTo2J3KGRKprGm@YXPxXh7FkJzhatxGgvKJ69gAKA^gu4zfBMYjjGfk62nzW@M!W8VwBepYDtPp%QApFVELKmtwkY63LJYVv@DAsMHwxucNHYFjRxT&'I will have to test this when I am at home.
-
@jdaviescoates said in After updating password no credentials needed to login:
Sometimes.
Using this as a password works:
'apwwith&'
But this still turns auth off completely:
'sBd@ni7fjTo2J3KGRKprGm@YXPxXh7FkJzhatxGgvKJ69gAKA^gu4zfBMYjjGfk62nzW@M!W8VwBepYDtPp%QApFVELKmtwkY63LJYVv@DAsMHwxucNHYFjRxT&'I will have to test this when I am at home.
@BrutalBirdie seems it has something to do with the
%too (or perhaps that is the main culprit?)Anyways, if I remove the
%from:sBd@ni7fjTo2J3KGRKprGm@YXPxXh7FkJzhatxGgvKJ69gAKA^gu4zfBMYjj*Gfk62nzW@M!W8VwB*epYDtPp%QApFVELKmtwkY63LJYVv@DAsMHwxucNHYFjRxT&It works with single quotes (but not without).
But with the
%included it breaks the auth even with the single quotes. -
@BrutalBirdie seems it has something to do with the
%too (or perhaps that is the main culprit?)Anyways, if I remove the
%from:sBd@ni7fjTo2J3KGRKprGm@YXPxXh7FkJzhatxGgvKJ69gAKA^gu4zfBMYjj*Gfk62nzW@M!W8VwB*epYDtPp%QApFVELKmtwkY63LJYVv@DAsMHwxucNHYFjRxT&It works with single quotes (but not without).
But with the
%included it breaks the auth even with the single quotes.But then this pw works fine too:
apwwith%&So perhaps it a combination of having
%ending with&and length as well?
But it can't be that either because this also works fine:
apwwith%&apwwith%&apwwith%&apwwith%&apwwith%&apwwith%&apwwith%&apwwith%&apwwith%&apwwith%&apwwith%&apwwith%&apwwith%&apwwith%&apwwith%&I've got to collect children from school now so will have to stop testing, hopefully @BrutalBirdie will be able to figure out what's going on!
-
@BrutalBirdie said in After updating password no credentials needed to login:
@jdaviescoates
So just to make it clear.
Single quotes work now, even with the&char?Sometimes.
Using this as a password works:
'apwwith&'But this still turns auth off completely:
'sBd@ni7fjTo2J3KGRKprGm@YXPxXh7FkJzhatxGgvKJ69gAKA^gu4zfBMYjj*Gfk62nzW@M!W8VwB*epYDtPp%QApFVELKmtwkY63LJYVv@DAsMHwxucNHYFjRxT&'@jdaviescoates said in After updating password no credentials needed to login:
But this still turns auth off completely:
'sBd@ni7fjTo2J3KGRKprGm@YXPxXh7FkJzhatxGgvKJ69gAKA^gu4zfBMYjjGfk62nzW@M!W8VwBepYDtPp%QApFVELKmtwkY63LJYVv@DAsMHwxucNHYFjRxT&'I can't reproduce this. This is what I have:
export LISTMONK_app__admin_username=admin export LISTMONK_app__admin_password='sBd@ni7fjTo2J3KGRKprGm@YXPxXh7FkJzhatxGgvKJ69gAKA^gu4zfBMYjj*Gfk62nzW@M!W8VwB*epYDtPp%QApFVELKmtwkY63LJYVv@DAsMHwxucNHYFjRxT&' -
@jdaviescoates said in After updating password no credentials needed to login:
But this still turns auth off completely:
'sBd@ni7fjTo2J3KGRKprGm@YXPxXh7FkJzhatxGgvKJ69gAKA^gu4zfBMYjjGfk62nzW@M!W8VwBepYDtPp%QApFVELKmtwkY63LJYVv@DAsMHwxucNHYFjRxT&'I can't reproduce this. This is what I have:
export LISTMONK_app__admin_username=admin export LISTMONK_app__admin_password='sBd@ni7fjTo2J3KGRKprGm@YXPxXh7FkJzhatxGgvKJ69gAKA^gu4zfBMYjj*Gfk62nzW@M!W8VwB*epYDtPp%QApFVELKmtwkY63LJYVv@DAsMHwxucNHYFjRxT&'@girish said in After updating password no credentials needed to login:
export LISTMONK_app__admin_username=admin
export LISTMONK_app__admin_password='sBd@ni7fjTo2J3KGRKprGm@YXPxXh7FkJzhatxGgvKJ69gAKA^gu4zfBMYjjGfk62nzW@M!W8VwBepYDtPp%QApFVELKmtwkY63LJYVv@DAsMHwxucNHYFjRxT&'Odd. I can reproduce it over and over again.
Just did so again:
-
N nebulon referenced this topic on
-
@girish said in After updating password no credentials needed to login:
export LISTMONK_app__admin_username=admin
export LISTMONK_app__admin_password='sBd@ni7fjTo2J3KGRKprGm@YXPxXh7FkJzhatxGgvKJ69gAKA^gu4zfBMYjjGfk62nzW@M!W8VwBepYDtPp%QApFVELKmtwkY63LJYVv@DAsMHwxucNHYFjRxT&'Odd. I can reproduce it over and over again.
Just did so again:
@jdaviescoates I'm way off here but... my router's admin page auto logs me in at work if I'm signed in to my vault even though I have auto-fill disabled. Try logging in in a private window (or with all extensions disabled). It also happens to me on Costco dot com. Do you have the passwords saved in your vault?
Edit: I can't reproduce it either on a fresh install. I copied Girish's code like you did in your video. Works fine
Another thought, check Firefox's native password manager if it's still on and it's auto-filling the pass.
I can reproduce it if the code is like this:
export LISTMONK_app__admin_username=admin export LISTMONK_app__admin_password=sBd@ni7fjTo2J3KGRKprGm@YXPxXh7FkJzhatxGgvKJ69gAKA^gu4zfBMYjj*Gfk62nzW@M!W8VwB*epYDtPp%QApFVELKmtwkY63LJYVv@DAsMHwxucNHYFjRxT&Maybe it's a visual bug because of the double ' ' that gets auto-completed as you type ' in the web terminal at the end of the pass.
recording here: https://ufile.io/24rtfp8a (1MB).
-
@jdaviescoates I'm way off here but... my router's admin page auto logs me in at work if I'm signed in to my vault even though I have auto-fill disabled. Try logging in in a private window (or with all extensions disabled). It also happens to me on Costco dot com. Do you have the passwords saved in your vault?
Edit: I can't reproduce it either on a fresh install. I copied Girish's code like you did in your video. Works fine
Another thought, check Firefox's native password manager if it's still on and it's auto-filling the pass.
I can reproduce it if the code is like this:
export LISTMONK_app__admin_username=admin export LISTMONK_app__admin_password=sBd@ni7fjTo2J3KGRKprGm@YXPxXh7FkJzhatxGgvKJ69gAKA^gu4zfBMYjj*Gfk62nzW@M!W8VwB*epYDtPp%QApFVELKmtwkY63LJYVv@DAsMHwxucNHYFjRxT&Maybe it's a visual bug because of the double ' ' that gets auto-completed as you type ' in the web terminal at the end of the pass.
recording here: https://ufile.io/24rtfp8a (1MB).
@humptydumpty said in After updating password no credentials needed to login:
Try logging in in a private window (or with all extensions disabled).
Tried all that, and same in mobile browsers too.
-
@humptydumpty said in After updating password no credentials needed to login:
Try logging in in a private window (or with all extensions disabled).
Tried all that, and same in mobile browsers too.
All I can say is that with single quotes all is working fine.
Tested and pushed by my trainee. -
I am running into this myself.
I have used far more complicated combinations than the following, but I have it set
export LISTMONK_app__admin_username="Gently2729"
export LISTMONK_app__admin_password="ThemePavilionCare"I have also tried
export LISTMONK_app__admin_username='Gently2729'
export LISTMONK_app__admin_password='ThemePavilionCare'I am not prompted for a sign in with an incognito window
-
I am running into this myself.
I have used far more complicated combinations than the following, but I have it set
export LISTMONK_app__admin_username="Gently2729"
export LISTMONK_app__admin_password="ThemePavilionCare"I have also tried
export LISTMONK_app__admin_username='Gently2729'
export LISTMONK_app__admin_password='ThemePavilionCare'I am not prompted for a sign in with an incognito window
-
After many different tests, the username was the cause.
Once the username is all in lowercase, it would work.
-
I can't really reproduce this. It works just fine with capital case usernames. I used the same creds as in the report:
export LISTMONK_app__admin_username="Gently2729" export LISTMONK_app__admin_password="ThemePavilionCare"Maybe to reproduce this:
- Correct Username + Broken Password
- Same Username + Fixed Password
- Still no login needed?
I will try this out.
Like my work? Consider donating a drink. Cheers!
-
Maybe to reproduce this:
- Correct Username + Broken Password
- Same Username + Fixed Password
- Still no login needed?
I will try this out.
-
Maybe to reproduce this:
- Correct Username + Broken Password
- Same Username + Fixed Password
- Still no login needed?
I will try this out.
-
Could not reproduce at all.
very strange. Maybe @privsec needs to share the exact steps to this issue. -
I'm thinking perhaps the issue is actually that logging out doesn't seem to actually log you out (at least in Firefox with the plugins I use - not tested elsewhere yet), see:
I did a bit more testing.
@privsec are you using the Bitwarden browser extension?
Because further testing seems to suggest if that is enabled and I'm logged into it, then it somehow it magically logs into Listmonk without any interaction from me at all.
If I disable the Bitwarden plugin then I'm prompted to login after logging out.
-
I did a bit more testing.
@privsec are you using the Bitwarden browser extension?
Because further testing seems to suggest if that is enabled and I'm logged into it, then it somehow it magically logs into Listmonk without any interaction from me at all.
If I disable the Bitwarden plugin then I'm prompted to login after logging out.
-
@jdaviescoates I am/was
I cant reproduce it either.
Im not sure what and how this occurred, but once I used a lowercase username I was prompted to sign in on every attempt.
So... IDK
ヽ( 。 ヮ゚)ノ@privsec said in After updating password no credentials needed to login:
Im not sure what and how this occurred, but once I used a lowercase username I was prompted to sign in on every attempt.
Odd, because my username is lowercase too, and if I have Bitwarden enabled and logged in I am never prompted to login
