<html><body><div>Thank you!</div><div><br></div><div>I found another bug which is very critical. This one allows users to login as any user, even as an administrator with all privileges...</div><div>https://issues.jboss.org/browse/KEYCLOAK-983</div><div><br>Am 20. Januar 2015 um 15:41 schrieb Stian Thorgersen <stian@redhat.com>:<br><br></div><div><blockquote type="cite"><div class="msg-quote"><div class="_stretch"><span class="body-text-content"><span class="body-text-content">Absolutely, pretty nasty one!<br><br>----- Original Message -----<br></span></span><blockquote class="quoted-plain-text" type="cite">From: "Michael Gerber" <<a href="mailto:gerbermichi@me.com" data-mce-href="mailto:gerbermichi@me.com">gerbermichi@me.com</a>></blockquote><blockquote class="quoted-plain-text" type="cite">To: <a href="mailto:keycloak-dev@lists.jboss.org" data-mce-href="mailto:keycloak-dev@lists.jboss.org">keycloak-dev@lists.jboss.org</a></blockquote><blockquote class="quoted-plain-text" type="cite">Sent: Tuesday, 20 January, 2015 3:37:14 PM</blockquote><blockquote class="quoted-plain-text" type="cite">Subject: [keycloak-dev] Password reset is possible with expired link - KEYCLOAK-980</blockquote><blockquote class="quoted-plain-text" type="cite"></blockquote><blockquote class="quoted-plain-text" type="cite">Hi,</blockquote><blockquote class="quoted-plain-text" type="cite">can you fix this issue in 1.1.0 Final?</blockquote><blockquote class="quoted-plain-text" type="cite"><a href="https://issues.jboss.org/browse/KEYCLOAK-980" data-mce-href="https://issues.jboss.org/browse/KEYCLOAK-980">https://issues.jboss.org/browse/KEYCLOAK-980</a></blockquote><blockquote class="quoted-plain-text" type="cite"></blockquote><blockquote class="quoted-plain-text" type="cite">Thank you</blockquote><blockquote class="quoted-plain-text" type="cite">Michael</blockquote><blockquote class="quoted-plain-text" type="cite"></blockquote><blockquote class="quoted-plain-text" type="cite">_______________________________________________</blockquote><blockquote class="quoted-plain-text" type="cite">keycloak-dev mailing list</blockquote><blockquote class="quoted-plain-text" type="cite"><a href="mailto:keycloak-dev@lists.jboss.org" data-mce-href="mailto:keycloak-dev@lists.jboss.org">keycloak-dev@lists.jboss.org</a></blockquote><blockquote class="quoted-plain-text" type="cite"><a href="https://lists.jboss.org/mailman/listinfo/keycloak-dev" data-mce-href="https://lists.jboss.org/mailman/listinfo/keycloak-dev">https://lists.jboss.org/mailman/listinfo/keycloak-dev</a></blockquote></div></div></blockquote></div></body></html>