-
Bug
-
Resolution: Fixed
-
Critical
-
1.0
-
None
It's possible to log into instance by passing parameter "mgnlUserId" into URL without knowing the password. It's enough to hit right username.
Example URL: http://<server>/.magnolia/pages/adminCentral.html?mgnlUserId=<some_ldap_user>&mgnlUserPWD=doesntmatter
Acceptance criteria