[LPE-16953] Strangers can always create an account using SSO authentication (Google) - Liferay Issues

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Minor
Resolution: Fixed
Affects Version/s: 7.0 DE (7.0.10), 7.1 DXP (7.1.10)
Fix Version/s: 7.0.X EE, 7.1.x EE
Component/s: Application Security > Google Login, Security Vulnerability
Labels:

Business Value:
3
CVSS Base Score:
6.5
CVSS Vector String:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Description

In Liferay DXP 7.1 and DXP 7.0, SSO authentication does not respect the setting, "Allow strangers to create accounts?" If SSO authentication is enabled, users who authenticate using Facebook, Google, OpenID, OpenID Connect or OpenSSO can create an account even if strangers are not allowed to create accounts.

Note: Google SSO is not bundled with DXP 7.2.

Attachments

Activity

People

Assignee:: EE Support

Reporter:: Tibor Lipusz

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 21/Jan/20 1:47 AM

Updated:: 21/Jan/20 9:49 AM

Resolved:: 21/Jan/20 9:48 AM

Packages

Version	Package
7.0.X EE
7.1.x EE