Project

General

Profile

Actions

Bug #9188

closed

MFA: logout button fails due to backdoor protection

Added by krileon over 1 year ago. Updated over 1 year ago.

Status:
Closed
Priority:
Normal
Assignee:
Target version:
Start date:
07 June 2023
Due date:
% Done:

100%

Estimated time:

Description

CBs system plugin protect access from Joomla's user component being used outside of CB (e.g. backdoor login/registration). However the MFA page has a logout button. Review either removing logout URL blocking or see if MFA can be detected and allow that URL during MFA.

Actions #2

Updated by krileon over 1 year ago

isHandlingMultiFactorAuthentication is called after onAfterRoute, which is what CB is using to trigger its redirects. afterDispatch (fired after isHandlingMultiFactorAuthentication) can't really be used as redirects before ours would take priority.

Actions #3

Updated by krileon over 1 year ago

  • Status changed from Assigned to Resolved
  • % Done changed from 0 to 100

Fixed in MR !1871

Actions #4

Updated by beat over 1 year ago

  • Status changed from Resolved to Closed
Actions

Also available in: Atom PDF