After updating password no credentials needed to login
-
wrote on Feb 1, 2023, 6:02 AM last edited by
I am running into this myself.
I have used far more complicated combinations than the following, but I have it set
export LISTMONK_app__admin_username="Gently2729"
export LISTMONK_app__admin_password="ThemePavilionCare"I have also tried
export LISTMONK_app__admin_username='Gently2729'
export LISTMONK_app__admin_password='ThemePavilionCare'I am not prompted for a sign in with an incognito window
-
I am running into this myself.
I have used far more complicated combinations than the following, but I have it set
export LISTMONK_app__admin_username="Gently2729"
export LISTMONK_app__admin_password="ThemePavilionCare"I have also tried
export LISTMONK_app__admin_username='Gently2729'
export LISTMONK_app__admin_password='ThemePavilionCare'I am not prompted for a sign in with an incognito window
wrote on Feb 1, 2023, 6:12 AM last edited byAfter many different tests, the username was the cause.
Once the username is all in lowercase, it would work.
-
After many different tests, the username was the cause.
Once the username is all in lowercase, it would work.
-
I can't really reproduce this. It works just fine with capital case usernames. I used the same creds as in the report:
export LISTMONK_app__admin_username="Gently2729" export LISTMONK_app__admin_password="ThemePavilionCare" -
I can't really reproduce this. It works just fine with capital case usernames. I used the same creds as in the report:
export LISTMONK_app__admin_username="Gently2729" export LISTMONK_app__admin_password="ThemePavilionCare"Maybe to reproduce this:
- Correct Username + Broken Password
- Same Username + Fixed Password
- Still no login needed?
I will try this out.
-
Maybe to reproduce this:
- Correct Username + Broken Password
- Same Username + Fixed Password
- Still no login needed?
I will try this out.
@BrutalBirdie Thanks. Also, this has to be reported upstream because this auth code is by them and not Cloudron.
-
Maybe to reproduce this:
- Correct Username + Broken Password
- Same Username + Fixed Password
- Still no login needed?
I will try this out.
Could not reproduce at all.
very strange. Maybe @privsec needs to share the exact steps to this issue. -
Could not reproduce at all.
very strange. Maybe @privsec needs to share the exact steps to this issue.wrote on Feb 1, 2023, 1:40 PM last edited byI'm thinking perhaps the issue is actually that logging out doesn't seem to actually log you out (at least in Firefox with the plugins I use - not tested elsewhere yet), see:
-
I'm thinking perhaps the issue is actually that logging out doesn't seem to actually log you out (at least in Firefox with the plugins I use - not tested elsewhere yet), see:
wrote on Feb 1, 2023, 1:46 PM last edited byI did a bit more testing.
@privsec are you using the Bitwarden browser extension?
Because further testing seems to suggest if that is enabled and I'm logged into it, then it somehow it magically logs into Listmonk without any interaction from me at all.
If I disable the Bitwarden plugin then I'm prompted to login after logging out.
-
I did a bit more testing.
@privsec are you using the Bitwarden browser extension?
Because further testing seems to suggest if that is enabled and I'm logged into it, then it somehow it magically logs into Listmonk without any interaction from me at all.
If I disable the Bitwarden plugin then I'm prompted to login after logging out.
wrote on Feb 1, 2023, 9:32 PM last edited by@jdaviescoates I am/was
I cant reproduce it either.
Im not sure what and how this occurred, but once I used a lowercase username I was prompted to sign in on every attempt.
So... IDK
ヽ( 。 ヮ゚)ノ -
@jdaviescoates I am/was
I cant reproduce it either.
Im not sure what and how this occurred, but once I used a lowercase username I was prompted to sign in on every attempt.
So... IDK
ヽ( 。 ヮ゚)ノwrote on Feb 1, 2023, 11:48 PM last edited by@privsec said in After updating password no credentials needed to login:
Im not sure what and how this occurred, but once I used a lowercase username I was prompted to sign in on every attempt.
Odd, because my username is lowercase too, and if I have Bitwarden enabled and logged in I am never prompted to login