After updating password no credentials needed to login
-
@jdaviescoates said in After updating password no credentials needed to login:
But this still turns auth off completely:
'sBd@ni7fjTo2J3KGRKprGm@YXPxXh7FkJzhatxGgvKJ69gAKA^gu4zfBMYjjGfk62nzW@M!W8VwBepYDtPp%QApFVELKmtwkY63LJYVv@DAsMHwxucNHYFjRxT&'I can't reproduce this. This is what I have:
export LISTMONK_app__admin_username=admin export LISTMONK_app__admin_password='sBd@ni7fjTo2J3KGRKprGm@YXPxXh7FkJzhatxGgvKJ69gAKA^gu4zfBMYjj*Gfk62nzW@M!W8VwB*epYDtPp%QApFVELKmtwkY63LJYVv@DAsMHwxucNHYFjRxT&'
-
@girish said in After updating password no credentials needed to login:
export LISTMONK_app__admin_username=admin
export LISTMONK_app__admin_password='sBd@ni7fjTo2J3KGRKprGm@YXPxXh7FkJzhatxGgvKJ69gAKA^gu4zfBMYjjGfk62nzW@M!W8VwBepYDtPp%QApFVELKmtwkY63LJYVv@DAsMHwxucNHYFjRxT&'Odd. I can reproduce it over and over again.
Just did so again:
-
-
@jdaviescoates I'm way off here but... my router's admin page auto logs me in at work if I'm signed in to my vault even though I have auto-fill disabled. Try logging in in a private window (or with all extensions disabled). It also happens to me on Costco dot com. Do you have the passwords saved in your vault?
Edit: I can't reproduce it either on a fresh install. I copied Girish's code like you did in your video. Works fine
Another thought, check Firefox's native password manager if it's still on and it's auto-filling the pass.
I can reproduce it if the code is like this:
export LISTMONK_app__admin_username=admin export LISTMONK_app__admin_password=sBd@ni7fjTo2J3KGRKprGm@YXPxXh7FkJzhatxGgvKJ69gAKA^gu4zfBMYjj*Gfk62nzW@M!W8VwB*epYDtPp%QApFVELKmtwkY63LJYVv@DAsMHwxucNHYFjRxT&
Maybe it's a visual bug because of the double ' ' that gets auto-completed as you type ' in the web terminal at the end of the pass.
recording here: https://ufile.io/24rtfp8a (1MB).
-
@humptydumpty said in After updating password no credentials needed to login:
Try logging in in a private window (or with all extensions disabled).
Tried all that, and same in mobile browsers too.
-
All I can say is that with single quotes all is working fine.
Tested and pushed by my trainee. -
I am running into this myself.
I have used far more complicated combinations than the following, but I have it set
export LISTMONK_app__admin_username="Gently2729"
export LISTMONK_app__admin_password="ThemePavilionCare"I have also tried
export LISTMONK_app__admin_username='Gently2729'
export LISTMONK_app__admin_password='ThemePavilionCare'I am not prompted for a sign in with an incognito window
-
-
I can't really reproduce this. It works just fine with capital case usernames. I used the same creds as in the report:
export LISTMONK_app__admin_username="Gently2729" export LISTMONK_app__admin_password="ThemePavilionCare"
-
@BrutalBirdie Thanks. Also, this has to be reported upstream because this auth code is by them and not Cloudron.
-
Could not reproduce at all.
very strange. Maybe @privsec needs to share the exact steps to this issue. -
I'm thinking perhaps the issue is actually that logging out doesn't seem to actually log you out (at least in Firefox with the plugins I use - not tested elsewhere yet), see:
-
I did a bit more testing.
@privsec are you using the Bitwarden browser extension?
Because further testing seems to suggest if that is enabled and I'm logged into it, then it somehow it magically logs into Listmonk without any interaction from me at all.
If I disable the Bitwarden plugin then I'm prompted to login after logging out.
-
@jdaviescoates I am/was
I cant reproduce it either.
Im not sure what and how this occurred, but once I used a lowercase username I was prompted to sign in on every attempt.
So... IDK
ヽ( 。 ヮ゚)ノ -
@privsec said in After updating password no credentials needed to login:
Im not sure what and how this occurred, but once I used a lowercase username I was prompted to sign in on every attempt.
Odd, because my username is lowercase too, and if I have Bitwarden enabled and logged in I am never prompted to login