  1. XWiki Platform
  2. XWIKI-18276

A user without PR can reset user authentication failures information


    Details

    • Difficulty:
      Easy
    • Documentation:
      N/A
    • Documentation in Release Notes:
      N/A
      Description

      A script service method was introduced in 11.6RC1 as part of XWIKI-15488 to reset the counter of authentication failures. The @Programming annotation was used on it, thinking that it would be enough to protect it so that it could be used only by users with PR.
      However, that is not the case: the annotation is only indicative and is not used to perform any check. This means that right now any user with script rights can use this method.
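The behaviour described above, as an added, self-contained Java example that is not XWiki's code: a marker annotation on a method restricts nothing unless some code actually checks the caller's rights. The nested `Programming` annotation is a local stand-in, and the `Right` enum, both service classes, the method name `resetFailureCounter` and the counter map are hypothetical names with constructed data.

```java
import java.lang.annotation.*;
import java.util.*;

public class AnnotationIsNotACheck {
    // Local stand-in for the marker annotation named in the issue (hypothetical definition).
    @Retention(RetentionPolicy.RUNTIME) @Target(ElementType.METHOD)
    @interface Programming { }

    // Hypothetical rights model: SCRIPT = script right, PROGRAM = programming right (PR).
    enum Right { SCRIPT, PROGRAM }

    // Constructed sample state: username -> number of failed logins.
    static final Map<String, Integer> failures = new HashMap<>();

    // "Before": the annotation documents intent, but no code path ever reads it.
    static class UncheckedService {
        @Programming
        public void resetFailureCounter(String user) { failures.remove(user); }
    }

    // "After": the method itself verifies the caller's right before acting.
    static class CheckedService {
        private final Set<Right> callerRights;
        CheckedService(Set<Right> callerRights) { this.callerRights = callerRights; }

        @Programming
        public boolean resetFailureCounter(String user) {
            if (!callerRights.contains(Right.PROGRAM)) {
                return false; // denied: the counter is left untouched
            }
            failures.remove(user);
            return true;
        }
    }

    public static void main(String[] args) {
        failures.put("alice", 5);
        new UncheckedService().resetFailureCounter("alice"); // no rights consulted at all
        System.out.println("unchecked service, script-only caller: " + failures);

        failures.put("alice", 5);
        boolean ok = new CheckedService(EnumSet.of(Right.SCRIPT)).resetFailureCounter("alice");
        System.out.println("checked service, script-only caller: allowed=" + ok + " " + failures);

        ok = new CheckedService(EnumSet.of(Right.SCRIPT, Right.PROGRAM)).resetFailureCounter("alice");
        System.out.println("checked service, PR caller: allowed=" + ok + " " + failures);
    }
}
```

In XWiki component code, an explicit check of this kind is normally made through `ContextualAuthorizationManager.hasAccess(Right.PROGRAM)`; whether the fix for this issue uses that call is not stated on this page.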


              People

              Assignee:
              surli Simon Urli
              Reporter:
              surli Simon Urli