claudioc/jingo

[Security] Arbitrary login on jingo wikis

Closed this issue · 1 comments

I found a way to log in on any jingo wiki, whatever the authentication method set in the configuration file.

I prefer not to disclose the technique here publicly.

I tested it on the official demo server (http://jingo.cica.li:6067/wiki/) using the following credentials (which I obviously don't own): [username: admin / mail: root@gmail.com]

Please contact me in private if you want details about how I've done it.

Hi @gissehel,

Thank you very much for the heads-up. Please contact me at claudio.cicali@gmail.com so I can take action right away.