[Koha-bugs] [Bug 21997] New: SIP patron information requests can lock patron out of account
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Thu Dec 13 20:56:06 CET 2018
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21997
Bug ID: 21997
Summary: SIP patron information requests can lock patron out of
account
Change sponsored?: ---
Product: Koha
Version: unspecified
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5 - low
Component: SIP2
Assignee: koha-bugs at lists.koha-community.org
Reporter: kyle at bywatersolutions.com
QA Contact: testopia at bugs.koha-community.org
CC: colin.campbell at ptfs-europe.com
Many SIP services send an empty password field (AD). Even if
allow_empty_passwords is enabled for the given SIP account, this empty password
is run though Koha's password checker which increments the number of login
attempts for a patron. Thus repeated patron information requests can lock a
patron out! Empty password fields in SIP should not call for a password check
if allow_empty_passwords is enabled.
--
You are receiving this mail because:
You are the assignee for the bug.
You are watching all bug changes.
More information about the Koha-bugs
mailing list