4 matches found
Improper Authentication
Silverstripe/framework is vulnerable to Improper Authentication. The vulnerability is caused by improper user permission checks to verify if a user can login via the Member::canLogIn method, allowing an attacker to gain access to unapproved or revoked users by resetting the password...
silverstripe/framework ChangePasswordForm does not check `Member::canLogIn()`
After performing a password reset, ChangePasswordForm::doChangePassword logs in the user without checking Member::canLogIn. This presents an issue for sites that are using the extension point in that method to deny access to users for example members that have not been “approved”, or members that...
GHSA-P5H2-VR99-XM99 silverstripe/framework ChangePasswordForm does not check `Member::canLogIn()`
After performing a password reset, ChangePasswordForm::doChangePassword logs in the user without checking Member::canLogIn. This presents an issue for sites that are using the extension point in that method to deny access to users for example members that have not been “approved”, or members that...
SS-2016-011: ChangePasswordForm does not check Member::canLogIn()
More info at https://www.silverstripe.org/download/security-releases/ss-2016-011/...