View ProjeQtOr On SourceForge.net
ProjeQtOr - Project Management Tool
Supportez nous sur Capterra
OIN - Open Invention Network
ProjeQtOr free project management software - [Security] Shared accounts can change the password - ProjeQtOr

Prochaines Sessions

Les prochaines formations et démonstrations sont ouvertes, inscrivez-vous rapidement !

 

Démonstration de ProjeQtOr

(gratuit, sur inscription)
 

13 mai 2025 (10h30-12h)

5 juin 2025 (16h-17h30)

  
 

Planifiez avec ProjeQtOr

14 et 15 mai 2025 (9h-12h30)

18 et 19 juin 2025 (9h-12h30)

  
 

Administrez avec ProjeQtOr

20 et 21 mai (9h-12h30)

25 et 26 juin (9h-12h30)

  

 

 

[Security] Shared accounts can change the password

More
14 Déc 2016 10:16 #1 by papjul
[Security] Shared accounts can change the password was created by papjul
Hi,

I just noticed that passwords for accounts on tracker.projeqtor.org and demo.projeqtor.org can be changed easily from the login screen. This looks like a security issue to me (hopefully, the admin can still revert this back but you don't want to reset the password every morning).
To me, a shared account should not be able to change password and access the user parameters (the latter can be changed) but the admin should be able to change the user parameters if needed.

Thank you,

Please Connexion or Create an account to join the conversation.

More
14 Déc 2016 10:34 #2 by babynus
Replied by babynus on topic [Security] Shared accounts can change the password
You're right, on Demo it's been fixed.

On track, issue is different as only guest user is concerned.
We have many other users on this instance, that should be able to change password.
So, yes, possibly we'll have to reset password from time to time for guest user...
Babynus
Administrator of ProjeQtOr web site

Please Connexion or Create an account to join the conversation.

More
14 Déc 2016 10:47 #3 by papjul
Replied by papjul on topic [Security] Shared accounts can change the password
But your tracker is not the only ProjeQtOr instance where shared accounts exists.
I have an account with read-only access to ProjeQtOr used by I don't know how many people, maybe 30, maybe 50, and I don't want them to be able to change the password.
Same goes for our suppliers, I don't know how many resources they have.
Thank you for considering the issue,

Please Connexion or Create an account to join the conversation.

More
14 Déc 2016 11:04 #4 by babynus
Replied by babynus on topic [Security] Shared accounts can change the password
Request recorded as Ticket #2447.

Notivce that this is not an issue, it is an evolution.
By the way, ProjeQtOr is not designed to share accounts.
Babynus
Administrator of ProjeQtOr web site

Please Connexion or Create an account to join the conversation.

Moderators: babynusprotion
Time to create page: 0.044 seconds

Paramétrages de cookies

×

Cookies fonctionnels

Ce site utilise des cookies pour assurer son bon fonctionnement et ne peuvent pas être désactivés de nos systèmes. Nous ne les utilisons pas à des fins publicitaires. Si ces cookies sont bloqués, certaines parties du site ne pourront pas fonctionner.

Session

Veuillez vous connecter pour voir vos activités!

Autres cookies

Ce site web utilise un certain nombre de cookies pour gérer, par exemple, les sessions utilisateurs.

Login Form