I've just discovered a bug since the new update. I'm using remote authentication, it used to be people couldn't log in with a registered username unless they were that user (eg, they use the right password) but it seems that now, anyone can log in with any username regardless of if that username is already in the database. Eg, I use "Admin" as a username, if someone enters with the username Admin and just makes up a password, they'll be logged in as Admin - but as a guest.
Is this something that can be easily fixed?
No replies to this topic
1 user(s) are reading this topic
0 members, 1 guests, 0 anonymous users