Admin password can be set multiple times. #493

Closed
s4s0l opened this issue Jan 11, 2017 · 1 comment

@s4s0l
commented Jan 11, 2017

BUG.txt
Description

It seems to be possible to reset the admin password after it has been set.

Steps to reproduce the issue:

  1. Run portainer
  2. POST to /api/users/admin/init with json [password: mypassword]
  3. login with this password
  4. POST to /api/users/admin/init with json [password: myotherpassword] without Authorization header
  5. Login with mypassword is impossible
  6. Login with myotherpassword is possible

I think that after the first init, the second should require an Authorization header at least.

Groovy script to reproduce in BUG.txt file.

Technical details:

  • Portainer version: 1.11.1
  • Portainer Docker image tag (latest/arm/windows...): latest
  • Target Docker version (the host/cluster you manage): 1.13.0-rc5
  • Target Swarm version (if applicable): swarm mode 1.13.0-rc5
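
One way to close the gap described in the report, as an added example in Go (not Portainer's code and not part of the original issue): the init handler refuses to overwrite an admin password that is already set. The `adminStore` type, the `postInit` helper and the 409 response are assumptions made for illustration, and the handler rejects re-initialisation outright rather than checking an Authorization header.

```go
package main

import (
	"encoding/json"
	"net/http"
	"net/http/httptest"
	"strings"
	"sync"
)

// adminStore is a hypothetical in-memory stand-in for the user database.
type adminStore struct {
	mu       sync.Mutex
	password string // demo only; a real store keeps a password hash
}

// initAdmin sets the admin password only once; check and write share a lock.
func (s *adminStore) initAdmin(w http.ResponseWriter, r *http.Request) {
	var body struct {
		Password string `json:"password"`
	}
	if json.NewDecoder(r.Body).Decode(&body) != nil || body.Password == "" {
		http.Error(w, "bad request", http.StatusBadRequest)
		return
	}
	s.mu.Lock()
	defer s.mu.Unlock()
	if s.password != "" {
		// Already initialised: this unauthenticated route must not overwrite.
		http.Error(w, "admin already initialized", http.StatusConflict)
		return
	}
	s.password = body.Password
	w.WriteHeader(http.StatusOK)
}

// postInit sends a constructed JSON body to the handler, returns the status.
func postInit(s *adminStore, password string) int {
	req := httptest.NewRequest(http.MethodPost, "/api/users/admin/init",
		strings.NewReader(`{"password":"`+password+`"}`))
	rec := httptest.NewRecorder()
	s.initAdmin(rec, req)
	return rec.Code
}

func main() {
	s := &adminStore{}
	println(postInit(s, "mypassword"), postInit(s, "myotherpassword"))
}
```

Because the check and the write happen under the same lock, the second unauthenticated POST gets a 409 and the stored password is unchanged.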
@ncresswell

This comment has been minimized.

Member

commented Jan 11, 2017
