[JBoss JIRA] Created: (GTNPORTAL-880) password recovery may change anyone's password
by Patrice Lamarque (JIRA)
password recovery may change anyone's password
----------------------------------------------
Key: GTNPORTAL-880
URL: https://jira.jboss.org/jira/browse/GTNPORTAL-880
Project: GateIn Portal
Issue Type: Bug
Security Level: Public (Everyone can see)
Affects Versions: 3.0.0-GA
Reporter: Patrice Lamarque
It looks like anyone can change anyone else's password by using the forgot username function.
A first annoyance is that you can easily lock the default root account like this:
Sign in > Forgot Username / Password > Forgot My Password
Enter 'root'
Now try to log in with root / gtn >> you can't.
What happened?
GateIn has generated a new password for root and sent it to the default email address, which is... root@localhost (!).
Using this function, anyone would be able to change anyone else's password.
The flow for password recovery should not regenerate a new password until the user has confirmed by clicking a generated URI in the email.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
13 years, 10 months
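The confirm-before-change flow the report asks for, as an added example that is not part of the original message and not GateIn code. ResetService, hash_password, the portal.example link and the 15-minute lifetime are assumptions made for the sketch; the outbox list stands in for the mail system.

```python
import hashlib
import secrets
import time

TOKEN_TTL_SECONDS = 15 * 60  # assumed token lifetime


def hash_password(password, salt):
    # PBKDF2 stands in for whatever password hashing the real store uses.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


class ResetService:
    """In-memory sketch; every name here is hypothetical, not a GateIn API."""

    def __init__(self, users, clock=time.time):
        self.users = users    # username -> {"email", "salt", "pw_hash"}
        self.pending = {}     # sha256(token) -> (username, expires_at)
        self.outbox = []      # (email, link) pairs, stand-in for sending mail
        self.clock = clock

    def request_reset(self, username):
        """Step 1: mail a one-time link. The stored password is not touched."""
        user = self.users.get(username)
        if user is not None:
            token = secrets.token_urlsafe(32)
            digest = hashlib.sha256(token.encode()).hexdigest()
            # A new request replaces any older pending token for this user.
            self.pending = {d: v for d, v in self.pending.items()
                            if v[0] != username}
            self.pending[digest] = (username,
                                    self.clock() + TOKEN_TTL_SECONDS)
            link = f"https://portal.example/reset?token={token}"
            self.outbox.append((user["email"], link))
        # Same answer for known and unknown accounts.
        return "If the account exists, a confirmation link has been sent."

    def confirm_reset(self, token, new_password):
        """Step 2: only a valid, unexpired, unused token changes the password."""
        digest = hashlib.sha256(token.encode()).hexdigest()
        entry = self.pending.pop(digest, None)  # pop makes the token single-use
        if entry is None:
            return False
        username, expires_at = entry
        if self.clock() > expires_at:
            return False
        salt = secrets.token_bytes(16)
        self.users[username].update(
            salt=salt, pw_hash=hash_password(new_password, salt))
        return True
```

With this split, submitting 'root' on the recovery form only queues a mail; the existing credentials keep working until someone who can read that mailbox follows the link.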
[JBoss JIRA] Created: (GTNPORTAL-884) JCR NullPointerException when using the navigation editor
by Julien Viet (JIRA)
JCR NullPointerException when using the navigation editor
---------------------------------------------------------
Key: GTNPORTAL-884
URL: https://jira.jboss.org/jira/browse/GTNPORTAL-884
Project: GateIn Portal
Issue Type: Bug
Security Level: Public (Everyone can see)
Reporter: Julien Viet
Assignee: Julien Viet
Fix For: 3.1.0
Login as john
Click sites
Edit classic navigation
Remove Home
Remove Site Map
Save
Edit classic navigation
Add new navigation node
Save: creates NPE with
java.lang.NullPointerException
at org.exoplatform.services.jcr.impl.dataflow.session.SessionChangesLog.addItem(SessionChangesLog.java:594)
at org.exoplatform.services.jcr.impl.dataflow.session.SessionChangesLog.add(SessionChangesLog.java:99)
at org.exoplatform.services.jcr.impl.core.NodeImpl.doOrderBefore(NodeImpl.java:2494)
at org.exoplatform.services.jcr.impl.core.NodeImpl.orderBefore(NodeImpl.java:1612)
13 years, 10 months