Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Admin password can be set multiple times. #493

s4s0l opened this issue Jan 11, 2017 · 1 comment


Copy link

commented Jan 11, 2017


It seems to be possible to reset

admin password after it has been set.

Steps to reproduce the issue:

  1. Run portainer
  2. POST to /api/users/admin/init with json [password: mypassword]
  3. login with this password
  4. POST to /api/users/admin/init with json [password: myotherpassword] without Authorization header
  5. Login with mypassword is impossible
  6. Login with myotherpassword is possible

I think after first init second should require Authorization header at least.

Groovy script to reproduce in BUG.txt file.

Technical details:

  • Portainer version: 1.11.1
  • Portainer Docker image tag (latest/arm/windows...): latest
  • Target Docker version (the host/cluster you manage): 1.13.0-rc5
  • Target Swarm version (if applicable): swarm mode 1.13.0-rc5

This comment has been minimized.

Copy link

commented Jan 11, 2017

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
None yet
3 participants
You can’t perform that action at this time.