[rt-users] unprivileged users need to log in twice
David Griffith
dgriffi at cs.csubak.edu
Wed Dec 9 13:50:48 EST 2009
Debian 5.0 upgraded fixed a session fixation vulnerability on December 1,
2009 (http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559020). It seems
that when this happened, my installation now requires unprivileged users
to log in twice. At the first login, the username and password fields are
cleared and nothing seems to have happened. Put in the username and
password a second time and the user is logged in. Sometimes if I try to
log in as an unprivileged user, get put back to the login screen, then
login as a privileged user, I get logged in with diminished privileges.
Would someone please tell me what's going on? Maybe now would be a good
time to upgrade to 3.8?
--
David Griffith
dgriffi at cs.csubak.edu
A: Because it fouls the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing in e-mail?
More information about the rt-users
mailing list