Make WordPress Core

Opened 2 months ago

Closed 12 days ago

#61772 closed defect (bug) (invalid)

I saw some bug at undo operation on browser for login credential.

Reported by: herilv's profile herilv Owned by:
Milestone: Priority: normal
Severity: major Version:
Component: Login and Registration Keywords: close reporter-feedback
Focuses: privacy Cc:

Description

I face some bug for doing undo operation on browser, where the entered credential login into the dashboard page, but when undo the page and on again redoing without entering password it allows to log in to the dashboard page. It would very dangerous for privacy concerns if someone just backs the browser.

Change History (2)

#1 @desrosj
2 months ago

  • Component changed from General to Login and Registration
  • Keywords close reporter-feedback added; has-privacy-review removed
  • Version 6.6.1 deleted

Hi @herilv, welcome to Trac!

I've done some testing and I'm unable to reproduce what you're describing on a default install of WordPress with no plugins active using Firefox. I'm also unable to submit the form with an empty password field.

If the first request completed successfully, then the browser would have the required cookies and session data to consider you logged in. I'm not sure that there's a bug here.

I'm going to mark this with a close suggestion since it worksforme, but I'm going to leave it open a bit longer to allow for more feedback. @herilv if you have more precise testing instructions, or are able to identify the root cause of what you're experiencing on a fresh install, please share so someone can take a second look.

#2 @johnbillion
12 days ago

  • Milestone Awaiting Review deleted
  • Resolution set to invalid
  • Status changed from new to closed

Closing this off as there's been no further feedback. @herilv If you are still experiencing this problem and you can provide steps to reliably reproduce it then please feel free to do so, but this currently doesn't look like a valid issue. Thanks!

Note: See TracTickets for help on using tickets.