MyBB Community Forums Development MyBB 1.8 Development 1.8 Bugs and Issues Pushed v
[Pushed] Custom Admin Theme Set Before Completed Login with 2FA

Threaded Mode
[Pushed] Custom Admin Theme Set Before Completed Login with 2FA
Lunorian Offline
Posts: 715
Threads: 130
Joined: May 2016
Reputation: 27
#1
2017-03-11, 01:19 AM
Hi there. I realized a quick issue earlier today. If I login to my admin account where a custom theme is set, the CSS for that theme will load at the time the 2FA Prompt loads. If I enter an invalid code, my session is reset and I have to retype my username and password, then retry 2FA. However the difference is the login screen now shows my custom admin theme as it was never switched back to default. Was this intentional or is it a bug?
Software Engineer specializing in C# Program Development
Website Find
Reply
dragonexpert Offline

Former Staff
Posts: 4,197
Threads: 137
Joined: Dec 2009
Reputation: 265
#2
2017-03-11, 08:24 AM
I would say a bug. I feel it is a security issue since it shouldn't choose a custom theme until a user is confirmed.
Recent Threads on Index
Social Groups
My Services Free & Paid
Find
Reply
Euan T Offline

Development

Security

Web
Posts: 15,164
Threads: 241
Joined: Jun 2009
Reputation: 700
#3
2017-03-11, 10:21 AM
I would definitely say it's a bug.
Website Find
Reply
Euan T Offline

Development

Security

Web
Posts: 15,164
Threads: 241
Joined: Jun 2009
Reputation: 700
#4
2017-03-11, 10:21 AM
Hi,

Thank you for your report. We have pushed this issue to our Github repository for further analysis where you can track our commits and progress with fixing this bug. Discussions regarding this bug may also take place there too.

Follow this link to visit the issue on Github: https://github.com/mybb/mybb/issues/2700

Thanks for contributing to MyBB!

Regards,
The MyBB Group
Website Find
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)