ADMIN account disabled but still enabled if you log in with an incorrectly cased username

Olly Brand (162) | asked Oct 14 '14, 8:40 a.m.
Since upgrading from CLM 4.0.6 to 5.0.1, users are able to log in as ADMIN if they incorrectly enter the case of their username. We're using LDAP and Tomcat so we have to use case-sensitive usernames. If a user mistakenly enters a differing case, instead of an error, they are logged in as ADMIN.

I think this might be a bug but before I raise it has anyone seen similar / is there anything I can try?

The has the line

This wasn't happening in 4.0.6.

ADMIN and ADMIN doesn't work, nor does logging in with anything other than the correct case username and password (works as expected) or the incorrect case and correct password (logs you in as ADMIN).

Any thoughts / ideas? Anyone seen similar?

So far I've re-setup the LDAP and copied the config files + triple-checked ADMIN is set to false. All to no avail.

Ralph Schoon commented Oct 14 '14, 11:19 a.m.

I would consider this serious. I'd suggest getting in contact with support.

Olly Brand (162) | answered Oct 16 '14, 3:28 a.m.

