#54988 closed defect (bug) (duplicate)
Password Protected Page access sequrity issue
Reported by: | ravipatel | Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | normal | Version: | |
Component: | Posts, Post Types | Keywords: | |
Focuses: | Cc: |
Description
Follow this steps:
1) Create page 1 and set pass: 111
2) Create page 2 and set same pass : 111
Task: I have set same password for multiple pages.
Now you can access any single page and page content show both pages.
Ideally need to password submit and show specific page only.
Change History (3)
#1
@
3 years ago
- Focuses administration coding-standards removed
- Resolution set to invalid
- Status changed from new to closed
Note: See
TracTickets for help on using
tickets.
This is not an error, but the way this rather simple function was designed:
When a visitor enters a password for a password-protected page, that password is stored (in clear text) as a cookie in the visitor's browser.
So if you use the same password on several pages, then a visitor will have to enter this password only once.
So I'll take the freedom to close this ticket.