DEFECT: risk crashing your site by even SysAdmin tries to change password for default "Guest" user

Greetings,

While trying remedy another defect of Guest Role having access to "Request Event" button in Calendar page,
as our Systems Administrator, I tried to reset the password for the default "Guest" account along with ensuring all permissions are unchecked.  Our whole Astra Schedule site started having problems, such as users not being able to login.

In the support case, I received the following notification: 
While we were troubleshooting this issue, we noticed a problem with the astra schedule site loading that was caused by changing the guest user password. Please don't change this password as it can cause the site to crash. 

For us, this is a serious Defect and Security Vulnerability and I am still uncertain if this has been escalated yet.

Please, fix this Defect and Security Vulnerability as not everyone wants their homepage to be available to just anyone on the internet. 

Best regards, Jason 

1

Comments

2 comments
  • Jason,

    In order to access our site, you have to have an "@uttyler.edu" email address.  Our students and external clients are considered guests and do not even log into Astra but can still request events.  I can make it so that our guest account does not have "request event" in the top right corner.  Is that what you are trying to do?

    Vicky

     

    0
  • Hello Vicky,

    Yes many institutions allow "guest" access for students and other external persons.  
    Leadership of our institution has not desired that usage of Astra Schedule.

    It has been evidenced that a System Administrator changing the default "Guest" user password has negatively contributed to site instability for our organization.
    It seems we need to post Product Feedback on this Defect because it does not appear to be prioritize since this defect may not be a problem for other institutions that utilize "Guest" login for Astra Schedule.

    Best regards, Jason 

     

    1

Please sign in to leave a comment.

Didn't find what you were looking for?

New post