Details
-
Type:
Bug
-
Status:
Closed
-
Priority:
Major
-
Resolution: Fixed
-
Affects Version/s: CM8.4.0
-
Fix Version/s: CM8.4.1.201203
-
Component/s: CUBRID Manager
-
Labels:
-
Environment:
Windows XP
-
Fix Build Number:RB-8.4.1.1xxx
Description
User can change password without knowing the old password.
[Repro Steps]
1) create a host with password is "nhn123456" and login.
2) click to edit the host password tobe "zyy123456"(that host will keep login status)
3) and then click for change Password,
if input "nhn123456" for old password, error shows:The old password is not valid
if input "zyy123456", message for successful change will shows.
In this way,user can change password, without knowing the old password is "nhn123456"
[expect result]
I think "Edit Host password" should not do any change to the password for manager<->server
old password should be "nhn123456" after repro step 2).
but now at page "change password", old password is recognized as password in "host information"
In this way, user can change password,without knowing the old password,
i think issue
TOOLS-307is the root of the bug. after host and password is edited, actually the action of reconnection will never use the new password, always use the oldpassword. but the local variable of "password", which is used to validate the password changing action, has been changed to the new one.So i can solve it merged with
TOOLS-307.