View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0017027||phpList 3 application||Security||public||20-01-14 21:03||15-02-14 13:10|
|Target Version||3.0.6||Fixed in Version||3.0.6|
|Summary||0017027: Creating new Admin, leaves admin without password|
Creating a new admin, does not allow a password to be imputed.
This allows the new user (which can be a super admin) to log in with no password.
Password cannot be reset by editing admin or requesting a fogotten password email. Both result in this error "Error sending password change token"
|Steps To Reproduce||Install 3.0.5|
Config->Manage Administrators->Add New Admin->
Add a username and email
if you want make them a super admin. Give it privileges if you want, i gave them all 4 checkboxed.
Login with the user's name and no password. You now have full access
|Additional Information||in extended_config:|
$require_login = 1;
|Tags||No tags attached.|
The idea is that on creation of an admin the change password email is sent. But if that fails, then yes, it should not be possible to login.
Will be good to verify that.
||Yep that's exactly it, i had a typo in my smtp server which prevented it from sending.|