test
Viewing 3 posts - 1 through 3 (of 3 total)
  • Author
    Posts
  • sreco Friend
    #132975

    There appears to be a very serious security issue with the JA Login Module.

    On Firefox and Windows Explorer on particular computers, it self populates the admin user id and password in the login window. It continues to do this even after you clear cache, cookies and browsing history.

    It only does this on certain computers. This is a big problem since that population of info makes the capability of editing and modifying a website from the front end available to members of the public who might get lucky and have that info “magically” appear for them. .

    I have had to unpublish this module but my site really needs a login in module for it’s private areas.

    If anyone knows about this or a resolution to eliminate this security risk, we’d really appreciate it. The way the module is designed looks really nice and it would be a shame to not be able to use it.

    dlocc Friend
    #269154

    This seems like a strange thing to happen… populate with the admin account automatically?

    sreco Friend
    #269162

    Yes it is, but it is happening. I thought it might be occuring because there might have been a cookie on my system. It was actually a visitor at another location on a computer that had not visited the site before that alerted me to it.

    Regardless, it is an important security issue that should be checked out before publishing this module in this template.

    Hopefully someone will come up with a resolution soon as it is a very attractive login module.

Viewing 3 posts - 1 through 3 (of 3 total)

This topic contains 3 replies, has 2 voices, and was last updated by  sreco 16 years, 3 months ago.

We moved to new unified forum. Please post all new support queries in our New Forum