[CMS-13393] Failed CMS login doesn't give proper http response code - Issues

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: High
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 12.6.11, 13.4.4, 14.3.0
Component/s: None
Labels:
None

Flagged:

Flagged
Processed by team:
Pulsar
Sprint:
Pulsar 240 - 14.3 Hardening, Pulsar 241 - Site Dev APIs 1

Description

When you fail to login to the CMS you don't get the correct http response code as result. This makes it more difficult to react to failed logins with web-application-firewall (waf).
I've tested this with 13.4.1-1

Reproduction path:

Run a project locally
Go to the CMS login page
Observe network traffic in browser dev tools
Enter wrong credentials

Expectected behaviour:

get a 401 (Unauthorized) response code

Actual result

get a 302 (Found), forwarding to "Location: ./?0"
get a number of 200 response codes

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

image-2020-08-17-12-01-19-728.png
71 kB
17/Aug/20 12:01 PM
Screenshot 2020-05-20 at 15.06.35.png
52 kB
20/May/20 3:06 PM

Activity

People

Assignee:: Unassigned

Reporter:: Niels Out

Votes:: 0 Vote for this issue

Watchers:: 7 Start watching this issue

Dates

Created:: 20/May/20 2:47 PM

Updated:: 21/Aug/20 12:08 PM

Resolved:: 19/Aug/20 9:35 AM

Details

Description

Attachments

Attachments

Activity

People

Dates

related-pages-webpanel