- Article Type: Known Issue
- Product: Voyager
- Product Version: 7.0.1
Workflow implications: A security hole exists in WebVoyáge in which Patron Authentication is seriously weakened for some patrons.
* If PIN usage is enabled in WebVoyáge, patrons whose last name contains a diacritic are able to log in with either their own PIN or the default PIN.
Issue 16384-13713 resolved for Voyager 8.1.0 and higher.
- In webvoyage.properties, ensure that option.usePIN=Y and that option.defaultPIN=0000
- In Circulation, create a patron record with the last name of WebVoyáge
- Set the patron’s PIN to 12345
- Load WebVoyáge and log into MyAccount using the barcode, last name and PIN entered into Circulation. Everything should work as expected.
- Log out of WebVoyáge and log back in, this time using a PIN of 0000 instead of 12345. The patron is still authenticated even though the PIN is incorrect.
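For sites not yet on Voyager 8.1.0, the following added example (not part of the original article or the vendor's code) lists the patrons who meet the condition reproduced above, so their accounts can be reviewed. The patron export columns and all sample data are constructed, and treating a "diacritic" as any combining mark left after NFD normalization is an assumption.

```python
import csv
import io
import unicodedata

# Constructed sample using the two webvoyage.properties keys named in the article.
SAMPLE_PROPERTIES = "option.usePIN=Y\noption.defaultPIN=0000\n"

# Constructed patron export; the column names are hypothetical.
SAMPLE_PATRONS = (
    "barcode,last_name\n"
    "1001,Smith\n"
    "1002,WebVoyáge\n"        # precomposed á
    "1003,Mun\u0303oz\n"      # n + combining tilde
)

def parse_properties(text):
    """Parse key=value lines, skipping blanks and comment lines."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props

def has_diacritic(name):
    """Assumption: a diacritic is any combining mark left after NFD decomposition."""
    decomposed = unicodedata.normalize("NFD", name)
    return any(unicodedata.category(ch) == "Mn" for ch in decomposed)

def exposed_patrons(properties_text, patrons_csv):
    """Return barcodes of patrons matching the article's condition."""
    props = parse_properties(properties_text)
    if props.get("option.usePIN", "").upper() != "Y":
        return []  # PIN usage is off, so the condition does not apply
    rows = csv.DictReader(io.StringIO(patrons_csv))
    return [row["barcode"] for row in rows if has_diacritic(row["last_name"])]

if __name__ == "__main__":
    for barcode in exposed_patrons(SAMPLE_PROPERTIES, SAMPLE_PATRONS):
        print(barcode)
```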
- Article last edited: 3/7/2015