View Issue Details

IDProjectCategoryView StatusLast Update
0000594bugs.cacert.orgpublic2020-06-27 12:21
Reporternetsurf Assigned Tojandd  
PrioritynormalSeveritytweakReproducibilityhave not tried
Status closedResolutionsuspended 
Summary0000594: Wrong remote IP address on password reset e-mail
DescriptionWhen requesting a password reset, an e-mail is sent with a link to reset your password. In this e-mail, you are also given the remote IP address of who requested the reset. Instead of my public IP address, I get this:

Username: netsurf
Remote IP address: 172.16.2.1

Presumably, this is the local gateway the server is behind as 172.16.0.0/16 is reserved for private use.
TagsNo tags attached.

Activities

Daniel Black

2009-06-03 04:11

reporter   ~0001424

Last edited: 2009-06-03 04:13

quite right - the bug tracker is behind a SSL proxy which hides the IP of origin. Maybe if we get to deploying x509 authentication on the bug tracker bug 0000678 this problem will also be solved.

DavidMcIlwraith

2012-08-16 09:12

reporter   ~0003140

No, that's not plausible. Adding certificate-based authentication will not change the output of the IP of origin (and may cause other issues, such as the continual need to patch bug-tracker software, as it is externally sourced...), and a password reset would not be necessary if one could login with a certificate.

jandd

2013-01-10 19:33

administrator   ~0003637

The bug tracking software could possible be fixed if the SSL proxy sets a X-Forwarded-For HTTP header. I don't know whether this is the case and whether mantis supports this (yet).

jandd

2013-01-10 19:34

administrator   ~0003638

I will have a look at whether it is possible to fix this with the current infrastructure.

jandd

2020-06-27 12:21

administrator   ~0005891

the current password reset mechanisms work differently. There is no email with an IP address anymore.

Issue History

Date Modified Username Field Change
2008-08-12 18:54 netsurf New Issue
2009-06-03 04:11 Daniel Black Note Added: 0001424
2009-06-03 04:13 Daniel Black Note Edited: 0001424
2012-08-16 09:12 DavidMcIlwraith Note Added: 0003140
2013-01-10 19:33 jandd Note Added: 0003637
2013-01-10 19:34 jandd Assigned To => jandd
2013-01-10 19:34 jandd Note Added: 0003638
2013-01-10 19:34 jandd Status new => needs work
2020-06-27 12:21 jandd Status needs work => closed
2020-06-27 12:21 jandd Resolution open => suspended
2020-06-27 12:21 jandd Note Added: 0005891