There appears to be a very serious security issue with the JA Login Module.
On Firefox and Windows Explorer on particular computers, it self populates the admin user id and password in the login window. It continues to do this even after you clear cache, cookies and browsing history.
It only does this on certain computers. This is a big problem since that population of info makes the capability of editing and modifying a website from the front end available to members of the public who might get lucky and have that info “magically” appear for them. .
I have had to unpublish this module but my site really needs a login in module for it’s private areas.
If anyone knows about this or a resolution to eliminate this security risk, we’d really appreciate it. The way the module is designed looks really nice and it would be a shame to not be able to use it.
dlocc
Friend
This seems like a strange thing to happen… populate with the admin account automatically?
Yes it is, but it is happening. I thought it might be occuring because there might have been a cookie on my system. It was actually a visitor at another location on a computer that had not visited the site before that alerted me to it.
Regardless, it is an important security issue that should be checked out before publishing this module in this template.
Hopefully someone will come up with a resolution soon as it is a very attractive login module.
This topic contains 3 replies, has 2 voices, and was last updated by 
We moved to new unified forum. Please post all new support queries in our New Forum
