View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0005444 | OXID eShop (all versions) | 1.05. Users | public | 2013-09-29 14:48 | 2014-08-18 09:06 |
| Reporter | henrik.steffen | Assigned To | |||
| Priority | urgent | Severity | major | Reproducibility | always |
| Status | resolved | Resolution | fixed | ||
| Platform | all | OS | all | OS Version | all |
| Product Version | 4.7.8 / 5.0.8 | ||||
| Target Version | 4.8.5 / 5.1.5 | Fixed in Version | 4.9.0_5.2.0_beta1 | ||
| Summary | 0005444: Login by customer number should be prevented | ||||
| Description | Customer numbers are consecutively generated by the shop. Attackers could guess customer numbers and use them for brute-forcing logins. It would be better if only e-mail addresses could be used as usernames (maybe as a future option?) | ||||
| Tags | No tags attached. | ||||
| Theme | Azure | ||||
| Browser | All | ||||
| PHP Version | any | ||||
| Database Version | any | ||||
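
The risk described in the issue shows up in authentication logs as failed logins that walk through consecutive numeric login names. The following is an added example, not OXID code and not part of the original report, that flags such sources; the log format, field names, function names and the `min_run` threshold are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict

# Constructed sample log lines; the format is an assumption, not OXID's.
SAMPLE_LOG = """\
2013-09-29T14:48:01 login_failed ip=203.0.113.7 user=10231
2013-09-29T14:48:02 login_failed ip=203.0.113.7 user=10232
2013-09-29T14:48:03 login_failed ip=203.0.113.7 user=10233
2013-09-29T14:48:03 login_failed ip=198.51.100.4 user=alice@example.org
2013-09-29T14:48:04 login_failed ip=203.0.113.7 user=10234
2013-09-29T14:48:05 login_ok ip=198.51.100.4 user=alice@example.org
2013-09-29T14:48:06 login_failed ip=203.0.113.7 user=10235
2013-09-29T14:48:09 login_failed ip=192.0.2.15 user=20417
2013-09-29T14:48:20 login_failed ip=192.0.2.15 user=20417
"""

LINE_RE = re.compile(r"^\S+ (?P<event>login_\w+) ip=(?P<ip>\S+) user=(?P<user>\S+)$")
NUMERIC_RE = re.compile(r"[0-9]+")  # customer-number style login name


def longest_consecutive_run(numbers):
    """Length of the longest run n, n+1, n+2, ... in a set of integers."""
    best = 0
    for n in numbers:
        if n - 1 in numbers:  # only count from the first element of a run
            continue
        length = 1
        while n + length in numbers:
            length += 1
        best = max(best, length)
    return best


def find_enumeration(log_text, min_run=4):
    """Return {ip: run_length} for sources whose failed logins cover at
    least `min_run` consecutive numeric login names."""
    tried = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["event"] != "login_failed":
            continue
        if NUMERIC_RE.fullmatch(m["user"]):
            tried[m["ip"]].add(int(m["user"]))
    runs = {ip: longest_consecutive_run(nums) for ip, nums in tried.items()}
    return {ip: run for ip, run in runs.items() if run >= min_run}


if __name__ == "__main__":
    for ip, run in find_enumeration(SAMPLE_LOG).items():
        print(f"{ip}: {run} consecutive customer numbers tried")
```

A customer who mistypes a password for their own number (the `192.0.2.15` lines) produces a run of one and is not flagged.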