Subsonic Forum

by **manybuddhas** » Thu May 28, 2009 8:55 pm

Entering the address of the Subsonic service on my Web server, which let's say is at http://66.185.19.125:8083/, takes me directly to the index rather than the log-in page, and provides access to all the functions in Subsonic.

If you remove the arguments after the http address: /login.view;jsessionid=qkzqn8cqqcc? you can just enter the index without having to log in.

I changed the admin password as described, but still this simple bypass is available. What am I missing?[/code]

by **kdid** » Thu May 28, 2009 10:21 pm

Have you tried that from a webbrowser that never have been used on you site?

It could be you have saved the login info in a cookie in your browser and it is using that in that case.

by **aphuey** » Fri May 29, 2009 5:40 pm

Yeah - I bet if you clear your temp files, you will be forced to log in again...

by **mixmaster** » Fri May 29, 2009 6:34 pm

There is a checkbox on the login page that allows you to choose between remembering your login or not.
________

by **manybuddhas** » Sat May 30, 2009 12:29 am

Thanks all. It was just a cookie, apparently, since the problem did not show up on a computer that hadn't accessed the site before. :oops:

by **bluetooth** » Sat Jun 06, 2009 3:14 pm

From the tutorial section:

http://yourhost/subsonic/login.view?use ... word=guest

Subsonic Forum

Simple way to bypass the login?

Simple way to bypass the login?

Who is online