Project

General

Profile

Actions
Copy link

Bug #9188

closed

MFA: logout button fails due to backdoor protection

Added by krileon 11 months ago. Updated 8 months ago.

Status:
Closed
Priority:
Normal
Assignee:
krileon
Target version:
CB 2.8.1
Start date:
07 June 2023
Due date:
% Done:

100%

Estimated time:

Description

CBs system plugin protect access from Joomla's user component being used outside of CB (e.g. backdoor login/registration). However the MFA page has a logout button. Review either removing logout URL blocking or see if MFA can be detected and allow that URL during MFA.

Actions
Copy link
 #2

Updated by krileon 10 months ago

isHandlingMultiFactorAuthentication is called after onAfterRoute, which is what CB is using to trigger its redirects. afterDispatch (fired after isHandlingMultiFactorAuthentication) can't really be used as redirects before ours would take priority.

Actions
Copy link
 #3

Updated by krileon 10 months ago

  • Status changed from Assigned to Resolved
  • % Done changed from 0 to 100

Fixed in MR !1871

Actions
Copy link
 #4

Updated by beat 8 months ago

  • Status changed from Resolved to Closed
Actions
Copy link

Also available in: Atom PDF