https://bugzilla.wikimedia.org/show_bug.cgi?id=53376
Web browser: ---
Bug ID: 53376
Summary: logging in when already logged in doesn't validate
password
Product: MediaWiki
Version: 1.22-git
Hardware: All
OS: All
Status: NEW
Severity: major
Priority: Unprioritized
Component: User login and signup
Assignee: [email protected]
Reporter: [email protected]
CC: [email protected]
Classification: Unclassified
Mobile Platform: ---
If I'm already logged in, and I visit Special:UserLogin anyway and log in as
the same user with password WRONGPASSWORD, login will succeed even though I
entered the wrong password.
This is unfortunate, since
* I'll convince myself that WRONGPASSWORD is my password
* some browsers will offer to remember WRONGPASSWORD, so if I rely on the
browser to save my password it'll fail when I really need to log in.
This happens on enwiki and test2 wiki, I've reproduced in Firefox and Chromium.
It doesn't happen on my local wiki with a hacky setup of CentralAuth, or with
CentralAuth disabled.
--
You are receiving this mail because:
You are the assignee for the bug.
You are on the CC list for the bug.
_______________________________________________
Wikibugs-l mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
