0007037: Port: Login with disabled account possible - MantisBT - Signup temporarily disabled due to spam

ID	Project	Category	View Status	Date Submitted	Last Update

0007037	mantisbt	security	public	2006-05-05 12:34	2006-05-07 03:51

Reporter	vboctor	Assigned To	vboctor
Priority	normal	Severity	major	Reproducibility	always
Status	closed	Resolution	fixed
Product Version	1.0.2
Fixed in Version	1.0.3

Summary	0007037: Port: Login with disabled account possible
Description	With this bug it is possible to login although an account is disabled. I go to www.myserver.com/mantis/ and click "Lost your password?" and then enter the data of my disabled account. No I get an email with a password reset link. When I click it, I see the login-screen, but when I go then back to www.myserver.com/mantis/: Voila! I'm logged in with my disabled account!
Tags	No tags attached.

child of	0007006	closed	vboctor	Login with disabled account possible
child of	0006971	closed	vboctor	Mantis 1.0.3 Release