Bug Unlock link does not work

Status
Not open for further replies.

Nirjonadda

Customer
@DragonByte Tech We have set Security watchers for Failed Staff Account Logins with 5 hits from the same IP in 1 hours Email webmaster, Ban IP address, Email user, Lock account (User unlock). So have one admin Account locked because DragonByte Security has detected a potential security breach And user get email for Unlock there account link but this link does not working. Also Resend email link does not send to user new Unlock account link. When Account locked admin will be do login in Admin CP then get The requested page could not be found. Please we need fix this issue ASAP. Thanks

Admin CP then get The requested page could not be found:

ScreenShot00045.png

Unlock there account link will be still be Locked Account page. Email link: /dbtech-security/account-lock/unlock?user_id=1&hash=ff2068875ca622b04730f5f2002acc20

ScreenShot00046.png

Email link send to this link: /dbtech-security/account-lock?_xfRedirect=https%3A%2F%2Fmysite.com%2Fdbtech-security%2Faccount-lock%2Funlock%3Fuser_id%3D1%26hash%3Dff2068875ca622b04730f5f2002acc20
 
Thank you for reporting this issue, it has now been resolved. We are aiming to include any changes that have been made in a future release (4.3.3).

Change log:
Fix: Ensure all redirects use the public route (prevents race condition where admin accounts are redirected)
Fix: Ensure the "resend" and "unlock" actions are also excluded from force redirects

 
Status
Not open for further replies.

DragonByte Security

XenForo 1.5.3+ XenForo 2.0.x XenForo 2.1.x XenForo 2.2.x
Seller
DragonByte Technologies
Release date
Last update
Total downloads
2,202
Customer rating
5.00 star(s) 1 ratings
Top