Details
-
Improvement
-
Resolution: Unresolved
-
Medium
-
None
-
2011.9, 4.6.0-dev
-
None
Description
It may not be a big security issue, insofar as it is only used by the ezpRestNoAuthStyle class, but it should imho check for disabled users too
Attachments
Issue Links
- relates to
-
EZP-18755 REST api: basic auth filter not working with custom login handlers or HashType != md5_user, disabled users
- Open