system_authservers.php: Descriptive name can be changed by removing read-only property via inspect element
- Go to System -> User Mgmt -> Authentication Servers
- Edit an existing entry
- Open source code of the webpage in the browser's dev-tools and manipulate the value of the first field "Descriptive name"
- Click save
Descriptive name should not change
Descriptive name is changed to whatever was entered in the source code view
#1 Updated by Jim Pingle 27 days ago
- Subject changed from System -> User Mgmt -> Authentication Servers: read-only field may be manipulated to system_authservers.php: Descriptive name can be changed by removing read-only property via inspect element
- Category set to User Manager / Privileges
- Assignee set to Jim Pingle
- Priority changed from Low to Very Low
- Target version set to 2.5.0
We can fix this, but it's not really what I'd consider a bug. We disable the field so the user can't do that easily and break places that have the server selected. There is only so much we can do to prevent a user from shooting their feet in places like this.