[LPE-16955] Strangers can always create an account using SSO authentication (OpenID Connect) - Liferay Issues

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Minor
Resolution: Fixed
Affects Version/s: 7.1 DXP (7.1.10)
Fix Version/s: 7.0.X EE, 7.1.x EE
Component/s: Application Security > OpenID Connect, Security Vulnerability
Labels:

Business Value:
3
CVSS Base Score:
6.5
CVSS Vector String:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Description

In Liferay DXP 7.1 and DXP 7.0, SSO authentication does not respect the setting, "Allow strangers to create accounts?" If SSO authentication is enabled, users who authenticate using Facebook, Google, OpenID, OpenID Connect or OpenSSO can create an account even if strangers are not allowed to create accounts.

Note: For DXP 7.0 OpenID Connect was first released with DXP 7.0 FP79 including the required changes for this issue.

Attachments

Activity

People

Assignee:: EE Support

Reporter:: Tibor Lipusz

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 21/Jan/20 2:24 AM

Updated:: 21/Jan/20 9:48 AM

Resolved:: 21/Jan/20 9:48 AM

Packages

Version	Package
7.0.X EE
7.1.x EE