Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
core/authenticate.php is reachable without admin password #758
I notice that I can still reach the
Thanks for the reply. I get that the page doesn't leak particularly sensitive information, but would it hurt to at least have the option of hiding it in a way that's consistent with the other admin features? My feeling is that any resource that's solely used for debugging and isn't directly involved in serving SAML requests shouldn't be openly available in production.