Active Topics
-
Error after installing Leste on sdcard (14)
to Maemo 7 / Leste by t-b - 2 hrs, 14 mins ago -
Maemo 20th Anniversary (4)
to Brainstorm by teroyk - 22 hrs, 25 mins ago -
Nokia Booklet 3G (RX-75) Drivers (64)
to Alternatives by teroyk - 22 hrs, 41 mins ago -
Porting apps to Leste (46)
to Maemo 7 / Leste by teroyk - 3 days, 2 hrs ago -
Maemo repository (8)
to Community by Maemish - 6 days, 20 hrs ago - more...
| The Following 3 Users Say Thank You to Jaffa For This Useful Post: | ||
 |
|
2010-08-08
, 15:51
|
|
Posts: 91 |
Thanked: 34 times |
Joined on Apr 2010
@ Italy
|
#12
|
Originally Posted by Jaffa
I'm very sorry man, it's been a few days and when HellFlyer said that Reggie saw it and it's all ok I deleted the screenshot, I figured you either didn't really care or you knew about it..
Then can you please do one of:
- Attach it to a new bug report, including details of what you did to get there; the username you've logged on with and a series of screenshots showing each expanded menu entry.
- Crop it and re-attach.
Anyway my guess (just a hypothesis) is that Midgard has a serious flaw in that it checks the validity of the username and password independently. In other words, you can, in theory, log in with a user name from any valid account and a password from any other valid account. I'm saying this because basically what happened was I logged in with Safari but I only wrote my username and the browser filled in the password for me (must have been another password because I don't usually use Safari). I was then logged in as Technical GanXta instead of giecsar, as you can see from the screenshot (that text is actually readable).
__________________
Programmer, web designer/developer, abstract artist. Curently working on an experimental next-gen website, http://www.forum2point0.net
Programmer, web designer/developer, abstract artist. Curently working on an experimental next-gen website, http://www.forum2point0.net
|
|
2010-08-09
, 14:07
|
|
Posts: 540 |
Thanked: 288 times |
Joined on Sep 2009
|
#13
|
Originally Posted by giecsar
Nope, though in this case authentication is done via pam from garage db so the postgres end might have issue, but read on.
Anyway my guess (just a hypothesis) is that Midgard has a serious flaw in that it checks the validity of the username and password independently. In other words, you can, in theory, log in with a user name from any valid account and a password from any other valid account.
Originally Posted by giecsar
More likely is that for reason you managed to somehow hit page that was cached for another user. I can't check this in detail now since I'm on a business trip but I emailed some people to look into it.
I'm saying this because basically what happened was I logged in with Safari but I only wrote my username and the browser filled in the password for me (must have been another password because I don't usually use Safari). I was then logged in as Technical GanXta instead of giecsar, as you can see from the screenshot (that text is actually readable)
__________________
- Live near Helsinki, Finland & interested in electronics ? Check this out.
- Want anti-virus/firewall ? Read this (and follow the links, also: use the search, there are way too many threads asking the same questions over and over and over again).
- I'm experimenting with BitCoins, if you want to tip me send some to: 1CAEy7PYptSasN67TiMYM74ELDVGZS6cCB
https://bugs.maemo.org/enter_bug.cgi....org%20Website
Andrew Flegg -- mailto:andrew@bleb.org | http://www.bleb.org